- Install git and gnupg. You can get the "Simple installer for the current GnuPG" instead of the full featured version.
- Create a new identity. The email here should match your GitHub account's email! The "Real Name" you choose here will be your "user id" in step 5. If you decide to set a passphrase, it will need to be entered for every commit.
gpg --gen-key
- Add the public key of your newly created gpg identity to your github keys so that github can verify your locally signed commits.
- Find your newly created identity.
In the example print out below, the gpg id is "9794C0815DD517AC".gpg --list-secret-keys --keyid-format=longsec rsa3072/9794C0815DD517AC 2022-08-23 [SC] [expires: 2024-08-22] C3E518D31EDC2F2055036E4C9794C0815DD517AC uid [ultimate] John Doe <jdoe@contoso.com> ssb rsa3072/CA147602C62ED40C 2022-08-23 [E] [expires: 2024-08-22]- Print the public key.
gpg --armor --export 9794C0815DD517AC- Copy the public key and add it to your github keys.
- Tell git to use gpg identities for credential storage, to use your newly created key, to sign your commits with the private gpg key, and where gpg is (this will prevent an issue in VSCode).
git config --global credential.credentialStore gpg
git config --global user.signingkey 9794C0815DD517AC
git config --global commit.gpgsign true
git config --global gpg.program "C:\Program Files (x86)\gnupg\bin\gpg.exe"
- Don't forget to set name and email in the git configuration if you haven't yet.
git config --global user.name "John Doe"
git config --global user.email jdoe@contoso.com
If you set up a passphrase on your gpg identity, you will only have to remember that to decrypt the gpg key. If not, it will be entirely automatic.