If anyone is having trouble commiting and pushing signed commits in IntelliJ IDEA (or any other JetBrains IDE) like me, here are the steps:
This guide assumes that you have generated a GPG key added it to your GitHub account.
- Let Git use the pin entry app which comes with gpg4win:
$ git config --global gpg.program "c:/Program Files (x86)/GnuPG/bin/gpg.exe"
The location of
gpg.exe
might be slightly different on your system.
- Tell Git to sign your commits:
$ git config --global commit.gpgsign true
Omit
--global
if you only want to sign commits for the given repo.
- Add your key to Git by first listing your key:
$ gpg --list-keys
C:/Users/User/AppData/Roaming/gnupg/pubring.kbx
------------------------------------------------
pub rsa4096 2018-04-11 [SCA]
123456789999999999ABCDEFABCDEF1234567890
uid [ultimate] Claus Martinsen <clauswrm@gmail.com>
sub rsa4096 2018-04-11 [E]
- And linking the key to your Git user:
$ git config --global user.signingkey 123456789999999999ABCDEFABCDEF1234567890
- Try commiting from IntelliJ and you will be prompted to to write the GPG-key password.
When pushing in IntelliJ you should now be propted with a GitHub login screen. If this fails like it did for me, with an error similar to this:
fatal: HttpRequestException encountered.
An error occurred while sending the request.
Username for 'https://github.com':
...here is how to fix it:
-
Download the latest version of Git Windows Credentials Manager.
-
Restart your machine.
-
Try pushing from IntelliJ and you will be prompted to login again.
Open the terminal in IntelliJ and type:
$ git log <yourLastCommitHash> --show-signature -1
...where <yourLastCommitHash>
should be replaced by the hash of the signed commit. The output
should look something like this:
commit 45cf201ac7ff8acc06916184c4e2322cdfa05467
gpg: Signature made 04/17/18 21:20:20 West Europe Summer Time
gpg: using RSA key 1234567890ABCDEF123456789
gpg: Good signature from "User Name <username@email.com>" [ultimate]
Author: User Name <username@email.com>
Date: Tue Apr 17 21:20:20 2018 +0200
After you have pushed your signed commit, navigate to your repo/commits/branch
on GitHub and
verify that the commit has a verified badge.
These resources helped me along the way and is what I based this document on: