Install GnuPG and GitHub official CLI tool. Instructions:
- GitHub CLI https://github.com/cli/cli#installation
- GnuPG https://gnupg.org
# If you're using macOS and Homebrew
brew update && brew upgrade
brew install gnupg ghgh auth login
# Follow remaining steps to auth GitHub CLIGenerate gpg key
gpg --full-generate-keyOptions I selected:
-
Select
1 -
4096bits long -
Expires in:
1y
__
- name: YOUR GITHUB NAME (important)
- email: YOUR GITHUB EMAIL (important)
- Comment: optional (I didn't add anything)
- Passphrase (optional but you should)
Get your public key info info
gpg --list-secret-keys --keyid-format=longsec rsa4096/[THIS_KEY_ID] 2021-07-07 [SC]
2B18EEB732D15480D40A60D605AE1785E201CE95
uid [ultimate] Jon Die <jon@doe.com>
ssb rsa4096/C98A99F6B0202433 2021-07-07 [E]Copy [THIS_KEY_ID] (it should be 16 digits)
Save public key to a file
mkdir ~/public-keys
gpg --armor --export THIS_KEY_ID > ~/public-keys/GITHUB_GPG_PUBLIC_KEY.gpgLet GitHub know about your key
gh gpg-key add ~/public-keys/GITHUB_GPG_PUBLIC_KEY.gpgLet Git know about your key
git config --global user.signingkey THIS_KEY_ID
git config --global user.gpgsign true
git config --global commit.gpgsign true
git config --global user.email "YOUR GITHUB EMAIL"
git config --global user.name "YOUR GITHUB NAME"Sign commits by default
git config --global commit.gpgsign trueNote: if you added a passphrase to your key, you will be prompted to enter it every time you commit.
You can tell pinentry where to prompt you for your passphrase by setting the GPG_TTY environment variable:
export GPG_TTY=$(tty)Verify your key
gh gpg-key listVerify your commits
git commit -S -m "This is a signed commit"git log --show-signature -1commit 2b18eeb732d15480d40a60d605ae1785e201ce95 (HEAD -> main, origin/main, origin/HEAD)
gpg: Signature made Wed 07 Jul 2021 11:00:00 PM PDT
gpg: using RSA key 2B18EEB732D15480D40A60D605AE1785E201CE95
gpg: Good signature from "Jon Doe <jon@doe.com>" [ultimate]
Author: Jon Doe <jon@doe.com>
Date: Wed 07 Jul 2021 11:00:00 PM PDT