Initial setup - make sure you have installed:
brew install gnupg pinentry-mac
You also have to set GPG_TTY:
export GPG_TTY=$(tty)
# if you use fish
set -Ux GPG_TTY (tty)
-
Check if you have gpg keys
gpg --list-secret-keys --keyid-format LONG
-
Import your public/secret keypair
gpg --import path/to/pub-key.asc
-
Globally sign everything
git config --global commit.gpgsign true
-
You may need to tell git which key to sign with
git config --global user.signingkey <YOUR_KEY>
Guide: https://help.ubuntu.com/community/GnuPrivacyGuardHowto (check Tips and Tricks)
# ~/.gnupg/gpg.conf
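# auto-key-retrieve fetches unknown signing keys from a keyserver during
# verification, which tells the keyserver which signatures you check
keyserver-options auto-key-retrieve
# for ubuntu only
use-agent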
# ~/.gnupg/gpg-agent.conf
# 86400 = 1 day
# 604800 = 1 week
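# for ubuntu use pinentry-qt4
# (keep comments on their own line: only lines starting with '#' are ignored,
# so a trailing comment would be read as part of the path)
pinentry-program /usr/bin/pinentry-gtk-2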
default-cache-ttl 604800
max-cache-ttl 604800
# For macOS instead, this is all you need (plus the cache-ttl stuff):
pinentry-program /usr/local/bin/pinentry-mac
enable-ssh-support
# ~/.gnupg/gpg-agent.conf
# Connects gpg-agent to the OSX keychain via the brew-installed
# pinentry program from GPGtools. This is the OSX 'magic sauce':
# it allows the gpg key's passphrase to be stored in the login
# keychain, which enables automatic key signing.
# On Apple Silicon, Homebrew installs to /opt/homebrew/bin instead;
# check the path with `which pinentry-mac`.
pinentry-program /usr/local/bin/pinentry-mac
Then, sign a test message so pinentry-mac can store your password in the keychain:
echo "test" | gpg --clearsign
This should open a dialog prompting for your password. Remember to check “Save in Keychain”.
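An added example (not part of the original notes): a small POSIX shell check for gpg-agent.conf. It flags a '#' comment placed after an option's argument, a pinentry-program path that is not executable, and a default-cache-ttl larger than max-cache-ttl (7200 seconds when unset). The name check_agent_conf and the sample file are assumptions made for the example.

```shell
#!/bin/sh
# Added example: lint a gpg-agent.conf for mistakes that silently break the setup.
# check_agent_conf is a hypothetical helper, not part of GnuPG.
check_agent_conf() {
    findings=0 default_ttl='' max_ttl=''
    while read -r opt arg || [ -n "$opt" ]; do
        case $opt in ''|'#'*) continue ;; esac   # blank line or whole-line comment
        # GnuPG option files only ignore lines whose first non-blank character
        # is '#'; text after an argument is read as part of that argument.
        case $arg in *'#'*)
            echo "inline-comment: $opt"; findings=$((findings + 1)) ;;
        esac
        case $opt in
            default-cache-ttl) default_ttl=${arg%%[!0-9]*} ;;
            max-cache-ttl)     max_ttl=${arg%%[!0-9]*} ;;
            pinentry-program)  # test the whole argument, as the agent would use it
                [ -x "$arg" ] || { echo "pinentry-missing: $arg"; findings=$((findings + 1)); } ;;
        esac
    done < "$1"
    # max-cache-ttl expires an entry even if it was used recently; when it is
    # not set, gpg-agent's built-in value is 7200 seconds (2 hours).
    cap=${max_ttl:-7200}
    if [ -n "$default_ttl" ] && [ "$default_ttl" -gt "$cap" ]; then
        echo "ttl-capped: default-cache-ttl $default_ttl > max-cache-ttl $cap"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# Constructed sample: an inline comment after the pinentry path and no max-cache-ttl.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# 604800 = 1 week
pinentry-program /usr/bin/pinentry-gtk-2 # for ubuntu use pinentry-qt4
default-cache-ttl 604800
EOF
check_agent_conf "$sample" || echo "fix the findings above, then: gpgconf --kill gpg-agent"
rm -f "$sample"
```

Run it against ~/.gnupg/gpg-agent.conf after editing; the agent only picks up changes once it has been restarted.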