Windows only:
-
Install gpg4win
winget install gnupg.Gpg4win
or download it from https://gpg4win.org
-
Configure Git to use the Gpg4win Kleopatra Git needs to know the path to the GPG executable. You can set it with the following command:
git config --global gpg.program "C:\Program Files (x86)\GnuPG\bin\gpg.exe"
Replace
"C:\Program Files (x86)\GnuPG\bin\gpg.exe"
with the actual path to yourgpg.exe
.
MacOS only:
- Install GPG
brew install gpg
-
Generate a new GPG key pair: Open your terminal and type the following command:
gpg --full-generate-key
Follow the prompts to generate your key pair.
-
List your GPG keys: You can list your GPG keys with the following command:
gpg --list-secret-keys --keyid-format LONG
From the list of GPG keys, copy the GPG key ID you'd like to use. In this example, the GPG key ID is
3AA5C34371567BD2
:/Users/hubot/.gnupg/secring.gpg ------------------------------------ sec 4096R/3AA5C34371567BD2 2016-03-10 [expires: 2017-03-10]
-
Export the GPG key: Paste the text below, substituting in the GPG key ID you'd like to use. In this example, the GPG key ID is
3AA5C34371567BD2
:gpg --armor --export 3AA5C34371567BD2
Copy your GPG key, beginning with
-----BEGIN PGP PUBLIC KEY BLOCK-----
and ending with-----END PGP PUBLIC KEY BLOCK-----
. -
Add the GPG key to your GitHub account: Go to your GitHub settings, click on "SSH and GPG keys", click on "New GPG key", and paste your GPG key into the "Key" field.
-
Tell Git about your GPG key: Set your GPG signing key in Git. Paste the text below, substituting in the GPG key ID you'd like to use:
git config --global user.signingkey 3AA5C34371567BD2
-
Sign commits: When you commit changes, you can add the
-S
option to sign it:git commit -S -m "your commit message"
-
Push your commits to GitHub: When you push your commits to GitHub, you'll see a "Verified" label on GitHub next to each of your signed commits.
Remember to replace 3AA5C34371567BD2
with your actual GPG key ID.
-
Enable global signing
git config --global commit.gpgsign true
-
Configure VS Code to sign commits Open the settings in VS Code (File > Preferences > Settings or
Ctrl + ,
). Search for "Git: Enable Commit Signing" and check the box.