Probably one of the easiest things you'll ever do with
Install Keybase: https://keybase.io/download and Ensure the keybase cli is in your
First get the public key
keybase pgp export | gpg --import
Next get the private key
keybase pgp export --secret | gpg --allow-secret-key --import
Looks for something like
sec 4096R/C9D8E1A1 2017-02-16 [expires: 2033-02-12] uid Sean Escriva <email@example.com> ssb 4096R/CC67212E 2017-02-16
The email address should match your Github email.
C9D8E1A1 part is what you need next. By default this key is untrusted, so we'll fix that.
To edit trust:
$ gpg --edit-key C9D8E1A1 gpg> trust Please decide how far you trust this user to correctly verify other users' keys (by looking at passports, checking fingerprints from different sources, etc.) 1 = I don't know or won't say 2 = I do NOT trust 3 = I trust marginally 4 = I trust fully 5 = I trust ultimately m = back to the main menu Your decision? 5 Do you really want to set this key to ultimate trust? (y/N) y
There are many levels of trust so choose what you're comfortable with.
$ git config --global user.signingkey C9D8E1A1 $ git config --global commit.gpgsign true
Now add it to your Github profile:
gpg --armor --export C9D8E1A1 | xclip
Add it to your GitHub profile under Settings/SSH and GPG keys.
pbcopy for your current platform.
Use gpg agent if you don't want to enter the password every time.
View signed commits with :
git log --show-signature -1