Skip to content

Instantly share code, notes, and snippets.

@tcldr

tcldr/gpg-agent.conf

Last active May 16, 2020 14:33
Show Gist options
  • Save tcldr/b1cf5df2a1800d983516f9b1a7d22669 to your computer and use it in GitHub Desktop.
Save tcldr/b1cf5df2a1800d983516f9b1a7d22669 to your computer and use it in GitHub Desktop.
Download ZIP
GitHub GPG verification set-up macOS
Raw
gpg-agent.conf
# ~/.gnupg/gpg-agent.conf
#
# Connects gpg-agent to the OSX keychain via the brew-installed
# pinentry program from GPGtools. This is the OSX 'magic sauce',
# allowing the gpg key's passphrase to be stored in the login
# keychain, enabling automatic key signing.
pinentry-program /usr/local/bin/pinentry-mac
Raw
steps.txt
# based on steps at:
# https://dev.to/wes/how2-using-gpg-on-macos-without-gpgtools-428f
#
brew install gpg2 pinentry-mac
# add GPG agent conf to ~/.gnupg/gpg-agent.conf
echo 'pinentry-program /usr/local/bin/pinentry-mac' > ~/.gnupg/gpg-agent.conf
# if no key yet, use at least 4096 length,
# match name and email to github account and
# enter passphrase and save to password manager
# (1password/keychain). If key already exists
# skip this step.
gpg --full-generate-key
# find the key id
gpg --list-secret-keys --keyid-format LONG
# (will be line matching: `sec rsa4096/<KEY ID> 1970-01-01 [SC]`)
# generate public key
gpg --armor -export <KEY ID>
# add to github > settings > ssh and gpg keys
# configure git to use signing
git config --global user.signingkey <KEY ID>
git config --global commit.gpgsign true
# enter passphrase on first commit (probably best to use git CLI for this)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment