-
π Copy your GitHub email address.
Run
git config --global user.email
and copy the email that is returned. If nothing is returned, you should set that to one of the following 2 addresses on https://github.com/settings/emails :i. If you have enabled β
Keep my email addresses private
, then copy thexxxxx+xxxxx@users.noreply.github.com
email address mentioned beneath.
ii. Otherwise, copy the email address that you have designated underPrimary email address
. -
π¦ Install GPG
For ease of use with GPG key creation and management, you can install GPG Suite from https://gpgtools.org/
There is an add-on Email integration that installation will ask if you would like installed. This is optional / not needed for git-GPG signing purposes. -
ππ Create a new GPG key pair
Launch the GPG Keychain app and click
+ New
.
Important: Use the email address that you copied from Step 1. above. -
ποΈ Follow the
Telling Git about your GPG key
instructions on
https://docs.github.com/en/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key#telling-git-about-your-gpg-key
π Stop when you reach the next section, titledTelling Git about your SSH key
. -
π Finish on GitHub
Follow the
Adding a GPG key to your GitHub account
instructions on
https://docs.github.com/en/authentication/managing-commit-signature-verification/adding-a-gpg-key-to-your-github-account
-
Commit
Make a test commit in a new or existing git repo
git commit -S --allow-empty -m 'My 1st signed commit'
-
Verify locally
Check to confirm that local
git
acknowledges that the commit was signed and valid.
git log --show-signature
-
Push and verify on GitHub
https://docs.github.com/en/authentication/managing-commit-signature-verification/signing-commits