Hi Github users,
You can now signed your commits on Github using at least Git 2.18.0 and Github Desktop 1.6.1.
You can find out a GPG key gpg --list-secret-keys --keyid-format LONG
and export it to a file gpg --armor --export-secret-key -a YOUR_GITHUB_LOGIN
by skipping the first point.
-
Generate a GPG key and add it to Github: https://help.github.com/articles/generating-a-new-gpg-key (if you don't want to type a passphrase on every commit, you need to press "Enter" when the console will prompt you to type a passphrase)
-
Configure Git properly by editing the
.gitconfig
file using the command linegit config --global --edit
in a terminal, then replace YOUR_GITHUB_LOGIN, YOUR_GITHUB_EMAIL, YOUR_SIGNING_KEY and GPG_BINARY_PATH with your data
[user]
name = YOUR_GITHUB_LOGIN
email = YOUR_GITHUB_EMAIL
signingkey = YOUR_SIGNING_KEY
[gpg]
program = GPG_BINARY_PATH
[commit]
gpgsign = true
-
YOUR_GITHUB_LOGIN: the login on Github
-
YOUR_GITHUB_EMAIL: the email address used to login on Github
-
YOUR_SIGNING_KEY: the GPG key used to sign commits, should follow the GPG key ID convention, like this example: https://help.github.com/articles/telling-git-about-your-signing-key/#telling-git-about-your-gpg-key-1
-
GPG_BINARY_PATH: the GPG binary file path, depending on your Git install and your operating system:
- Windows:
C:\\Program Files (x86)\\gnupg\\bin\\gpg.exe
(can be found usingwhere gpg
in a terminal) - Mac or Linux:
gpg
or/usr/local/bin/gpg
(can be found usingwhich gpg
in a terminal)
You can freely download the current GnuPG for your operating system.
- Windows:
- Enjoy signed commits with your favorite code editor!
Note that you can temporary disable GPG signed commits by setting
gpgsign = false
in your.gitconfig
file withgit config --global commit.gpgsign false
That's all folks! 🎉
Supplement to the settings desktop/desktop#2579 (comment)