https://help.github.com/en/articles/managing-commit-signature-verification
-
Check for existing GPG keys
gpg --list-secret-keys --keyid-format LONG
If there is a GPG key, skip to Step 4
-
Create a GPG key if you don't already have one
gpg --full-generate-key
Answer the questions, and use your GitHub email.
-
Make sure you now have a GPG key
gpg --list-secret-keys --keyid-format LONG
-
Copy the GPG key ID. In this example, the GPG key ID is 3AA5C34371567BD2
$ gpg --list-secret-keys --keyid-format LONG
/Users/hubot/.gnupg/secring.gpg
------------------------------------
sec   4096R/3AA5C34371567BD2 2016-03-10 [expires: 2017-03-10]
uid                          Hubot
ssb   4096R/42B317FD4BA89E7A 2016-03-10
-
Paste the text below, substituting in your GPG key ID. In this example, the GPG key ID is 3AA5C34371567BD2:
gpg --armor --export 3AA5C34371567BD2
# Prints the GPG public key, in ASCII armor format
-
Copy your GPG key, beginning with -----BEGIN PGP PUBLIC KEY BLOCK----- and ending with -----END PGP PUBLIC KEY BLOCK-----
-
Add your GPG key to your GitHub account in settings
Settings > SSH and GPG Keys > New GPG Key
Paste your GPG key into the "key" field and save.
-
Paste the text below, substituting in the GPG key ID, to set your GPG signing key in Git. In this example, the GPG key ID is 3AA5C34371567BD2:
git config --global user.signingkey 3AA5C34371567BD2
-
Add this line to your bash/zsh profile
export GPG_TTY=$(tty)
-
Tell Git to sign every commit
git config --global commit.gpgsign true
-
Add these lines to your ~/.gnupg/gpg-agent.conf to make gpg remember your passphrase using gpg-agent
default-cache-ttl 34560000
max-cache-ttl 34560000
34560000 seconds = 400 days, so gpg-agent keeps the passphrase cached for up to that long.
-
Restart gpg-agent for changes to take effect
gpg-connect-agent reloadagent /bye
If gpg-agent is not running you can start it with this command
gpg-agent --daemon
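-
A check to run once the steps above are done, as an added example that is not part of the original guide: it confirms that user.signingkey names a primary secret key from the gpg listing and that commit.gpgsign is true. The function names and the `live` argument are assumptions of this example, and the sample listing is constructed from the output shown earlier.

```shell
#!/bin/sh
# Added example: post-setup check for the signing configuration above.
# SAMPLE_LISTING is constructed from the example output on this page.
SAMPLE_LISTING='/Users/hubot/.gnupg/secring.gpg
------------------------------------
sec   4096R/3AA5C34371567BD2 2016-03-10 [expires: 2017-03-10]
uid                          Hubot
ssb   4096R/42B317FD4BA89E7A 2016-03-10'

# Print the long key ID of every primary secret key ("sec" lines) found in
# the text output of: gpg --list-secret-keys --keyid-format LONG
# Handles both the older "4096R/ID" and the newer "rsa4096/ID" layouts.
secret_key_ids() {
  awk '$1 ~ /^sec[#>]?$/ { n = split($2, part, "/"); if (n == 2) print part[2] }'
}

# check_signing_config LISTING SIGNINGKEY GPGSIGN
# Succeeds only if SIGNINGKEY is a primary secret key ID in LISTING and
# GPGSIGN is "true". Assumes user.signingkey holds the long key ID, as in
# the steps above (not a fingerprint, e-mail address or subkey ID).
check_signing_config() {
  listing=$1 signingkey=$2 gpgsign=$3
  if [ -z "$signingkey" ]; then
    echo "user.signingkey is not set"; return 1
  fi
  if ! printf '%s\n' "$listing" | secret_key_ids | grep -qxF "$signingkey"; then
    echo "user.signingkey $signingkey is not a primary secret key ID in the listing"
    return 1
  fi
  if [ "$gpgsign" != "true" ]; then
    echo "commit.gpgsign is not true: commits are unsigned unless -S is passed"
    return 1
  fi
  echo "ok: commits will be signed with $signingkey"
}

# Run against the live configuration with: sh check-signing.sh live
if [ "${1:-}" = "live" ]; then
  check_signing_config \
    "$(gpg --list-secret-keys --keyid-format LONG)" \
    "$(git config --global user.signingkey)" \
    "$(git config --global commit.gpgsign)"
fi
```

After a successful check, git log --show-signature -1 on a new commit shows whether the signature verifies locally.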