Signing Git Commits

How to make a GPG Key

  1. First, make sure you have GNU Privacy Guard installed on your machine
  2. Open a terminal and run gpg --gen-key
  3. At the prompt, specify the kind of key you want (the default is RSA and RSA)
  4. Enter the desired key size and expiration time (you can set it to never expire)
  5. Enter an ID and a secure password
  6. Use gpg --list-secret-keys --keyid-format LONG to get a list of your keys:
     /Users/devinmatte/.gnupg/secring.gpg
     ------------------------------------
     sec 4096R/3AA5C34371567BD2 2017-04-17 [expires: 2017-04-18]
     uid devinmatte
     ssb 4096R/42B317FD4BA89E7A 2017-04-17

Signing Commits

Step 1

$ gpg --list-secret-keys --keyid-format LONG
/Users/devinmatte/.gnupg/secring.gpg
------------------------------------
sec 4096R/3AA5C34371567BD2 2017-04-17 [expires: 2017-04-18]
uid devinmatte
ssb 4096R/42B317FD4BA89E7A 2017-04-17

Step 2

Step 3

  • git config --global commit.gpgsign true makes every commit in every repository on your machine signed by default.
  • git config commit.gpgsign true makes every commit in a single repository on your machine signed by default.

Step 4

  • Edit ~/.gnupg/gpg.conf and add these two lines to the bottom:
    no-tty
    use-agent
  • Now your password will be saved, and third-party software will be able to commit as normal, except that all your commits are now signed!
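
As an added example (not from the original post), this script pulls the long key ID out of the Step 1 listing and configures one repository to sign with it. The user.signingkey setting, the function names, the script name and the newer-format sample listing are assumptions introduced here.

```shell
#!/bin/sh
# Added example: extract the signing key ID from gpg's listing and
# configure a single repository to sign commits with it.

# Constructed sample: the listing shown on this page (older gpg layout).
SAMPLE_OLD='sec 4096R/3AA5C34371567BD2 2017-04-17 [expires: 2017-04-18]
uid devinmatte
ssb 4096R/42B317FD4BA89E7A 2017-04-17'

# Constructed sample: the same key as newer gpg releases lay it out.
SAMPLE_NEW='sec   rsa4096/3AA5C34371567BD2 2017-04-17 [SC] [expires: 2017-04-18]
uid                 [ultimate] devinmatte
ssb   rsa4096/42B317FD4BA89E7A 2017-04-17 [E]'

# Read a --keyid-format LONG listing on stdin and print the long ID of the
# first primary secret key ("sec" line). The "ssb" subkey line is skipped.
extract_signing_key() {
    awk '$1 == "sec" { n = split($2, part, "/"); if (n == 2) { print part[2]; exit } }'
}

# Accept only a 16-hex-digit long key ID, so a short ID or stray text
# never ends up in the git configuration.
is_long_key_id() {
    case "$1" in
        *[!0-9A-Fa-f]*|"") return 1 ;;
    esac
    [ "${#1}" -eq 16 ]
}

# Configure signing for the repository in directory $1 with key ID $2.
configure_signing() {
    is_long_key_id "$2" || { echo "not a long key ID: $2" >&2; return 1; }
    git -C "$1" config user.signingkey "$2" &&
    git -C "$1" config commit.gpgsign true
}

# Live use (hypothetical script name): ./sign-setup.sh --apply /path/to/repo
if [ "${1:-}" = "--apply" ]; then
    key=$(gpg --list-secret-keys --keyid-format LONG | extract_signing_key)
    configure_signing "${2:-.}" "$key" && echo "signing with $key"
fi
```

After it runs, git log --show-signature -1 in that repository shows whether the latest commit carries a good signature.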

Verifying Commits Online

  1. Export your full chain: gpg --armor --export 3AA5C34371567BD2
  2. Copy your GPG key, beginning with -----BEGIN PGP PUBLIC KEY BLOCK----- and ending with -----END PGP PUBLIC KEY BLOCK-----
  3. Paste it into GitHub, following the instructions on their site.


Software Engineering Student at Rochester Institute of Technology with a focus on Full Stack Web Development and DevOps

Devin Matté
