Sign your commits on GitHub with GPG

What is GPG?

Install the necessary tools

Installing on a Mac

$ brew install gnupg gpg-agent pinentry-mac

Generate a GPG key

$ gpg --gen-key

Add the public key to your git config

$ gpg --list-keys
/Users/home/.gnupg/pubring.gpg
-------------------------------
pub 1537P/[PUBKEY] 2016-06-30
uid Your Name <youremail@example.com>
sub 1537P/[SUBKEY] 2016-06-29
$ git config --global user.signingkey <PUBKEY>
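The listing above shows the key by its short (8 hex digit) ID, but the value you hand to git should be the long (16 hex digit) ID or the full fingerprint: short IDs are small enough that a second key with the same short ID can be generated, so a short ID does not pin a signer. Also, the key git signs with must have a secret key, so listing secret keys is the safer selection. The helper below is an added example, not from the original article; it parses the machine-readable colon output of `gpg --list-secret-keys --keyid-format long --with-colons` (the sample listing embedded here is constructed, with made-up key IDs) and picks the signing-capable primary key.

```sh
#!/bin/sh
# Constructed sample of `gpg --list-secret-keys --keyid-format long --with-colons`.
# Field 1 is the record type, field 5 the long key ID, field 12 the capabilities
# (lowercase = this key's own capabilities, uppercase = usable via subkeys).
SAMPLE_COLONS='sec:u:4096:1:0123456789ABCDEF:1467244800:::u:::scESC:::+:::23::0:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:u::::1467244800::0000000000000000000000000000000000000000::Your Name <youremail@example.com>::::::::::0:
ssb:u:4096:1:FEDCBA9876543210:1467244800::::::e:::+:::23:
fpr:::::::::FEDCBA9876543210FEDCBA9876543210FEDCBA98:'

# Print the long key ID of every secret primary key that can itself sign.
signing_keyids() {
    awk -F: '$1 == "sec" && index($12, "s") > 0 { print $5 }'
}

# Print the full fingerprint of the first secret primary key
# (the fpr record that immediately follows the sec record).
primary_fingerprint() {
    awk -F: '$1 == "sec" { want = 1; next } want && $1 == "fpr" { print $10; exit }'
}

# Succeed only when exactly one signing-capable secret key exists, so that
# the value written into user.signingkey cannot be ambiguous.
require_single_signing_key() {
    n=$(signing_keyids | awk 'END { print NR }')
    [ "$n" = "1" ]
}

# Real usage (commands not run here, they need a live keyring):
#   gpg --list-secret-keys --keyid-format long --with-colons | require_single_signing_key
#   keyid=$(gpg --list-secret-keys --keyid-format long --with-colons | signing_keyids)
#   git config --global user.signingkey "$keyid"
#   gpg --armor --export "$keyid"    # the same long ID selects the public key for GitHub
```

If more than one signing-capable key is present, choose one explicitly rather than letting gpg pick the first match; the fingerprint printed by `primary_fingerprint` is the value to compare against what GitHub displays once the key is uploaded.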

Add the key to GitHub

$ gpg --armor --export <PUBKEY>

Sign your commits

$ git commit -S -m "Signed commit"
$ git config --global commit.gpgsign true
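Signing is only half of the story; someone has to check the signatures, and a "good" signature from an unknown key proves nothing about who committed. The script below is an added example, not part of the original article: it audits the output of `git log --format='%H %G? %GK'` (commit hash, signature status, signing key ID) against an allow-list of key IDs expected to sign a branch. The sample log lines are constructed with made-up hashes and key IDs. Note that `%GK` reports the key that produced the signature, which may be a signing subkey rather than the primary key, so list the IDs you actually sign with (or switch the format to `%GP` to get the primary key fingerprint).

```sh
#!/bin/sh
# Constructed sample of: git log --format='%H %G? %GK' origin/main..HEAD
# %G? codes: G good, U good but key untrusted, B bad, X good but expired,
#            Y good but key expired, R good but key revoked, E cannot check, N no signature
SAMPLE_LOG='a1b2c3d4e5f60718293a4b5c6d7e8f9012345678 G 0123456789ABCDEF
b2c3d4e5f60718293a4b5c6d7e8f90123456789a N
c3d4e5f60718293a4b5c6d7e8f90123456789ab1 U 0123456789ABCDEF
d4e5f60718293a4b5c6d7e8f90123456789ab1c2 B 0123456789ABCDEF
e5f60718293a4b5c6d7e8f90123456789ab1c2d3 G FEDCBA9876543210'

# audit_signatures ALLOWED_KEY_IDS
#   Reads log lines on stdin and prints one line per commit that should not
#   be accepted: any status other than G, or a good signature from a key
#   outside the space-separated allow-list. Prints nothing when all is well.
audit_signatures() {
    awk -v allowed="$1" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $2 != "G"   { print $1 " " $2 " signature-not-good"; next }
        !($3 in ok) { print $1 " " $2 " unexpected-key:" $3; next }
    '
}

# Real usage, e.g. in CI before merging (not run here, needs a repository):
#   git log --format="%H %G? %GK" origin/main..HEAD | audit_signatures "0123456789ABCDEF"
#   git verify-commit HEAD          # single-commit check, non-zero exit on failure
#   git log --show-signature -1     # human-readable view of the same data
```

Treat a non-empty report as a failed check. Status `U` is the common surprise: gpg verified the signature mathematically but the verifying machine has not marked the key as trusted, so a CI runner needs the allow-listed public keys imported (and trusted, or compared by fingerprint as above) before `G` can appear.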

Saving your passphrase

gpg.conf

# Uncomment within config (or add this line)
# This tells gpg to use the gpg-agent
use-agent

# Silences the "you need a passphrase" message
# This is a potential source of issues, but I haven't noticed any
batch

gpg-agent.conf

# Enables GPG to find gpg-agent
use-standard-socket

# Connects gpg-agent to the OSX keychain via the brew-installed
# pinentry program from GPGtools. This is the OSX 'magic sauce',
# allowing the gpg key's passphrase to be stored in the login
# keychain, enabling automatic key signing.
pinentry-program /usr/local/bin/pinentry-mac

.bash_profile or .zshrc

# In order for gpg to find gpg-agent, gpg-agent must be running,
# and there must be an env variable pointing GPG to the gpg-agent socket.
# This little script, which must be sourced
# in your shell's init script (i.e. .bash_profile, .zshrc, whatever),
# will either start gpg-agent or set up the
# GPG_AGENT_INFO variable if it's already running.

# Add the following
if [ -f ~/.gnupg/.gpg-agent-info ] && [ -n "$(pgrep gpg-agent)" ]; then
    source ~/.gnupg/.gpg-agent-info
    export GPG_AGENT_INFO
else
    eval "$(gpg-agent --daemon --write-env-file ~/.gnupg/.gpg-agent-info)"
fi

$ echo $GPG_AGENT_INFO
> /Users/home/.gnupg/agent-location
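The snippet above targets GnuPG 2.0. From GnuPG 2.1 onward gpg-agent is started on demand, it is located through a standard socket, the `--write-env-file` option is gone and `GPG_AGENT_INFO` is ignored, so the script does nothing useful there. What follows is an added example, not from the original article: a shell-init fragment that checks the installed gpg version and applies the article's mechanism only for 2.0, and the modern equivalent (`GPG_TTY` plus `gpgconf --launch gpg-agent`) otherwise. The version check is a plain string comparison and runs without gpg installed; the agent-launching part only runs when `gpg` is found. One related path assumption: on Apple Silicon, Homebrew installs under /opt/homebrew, so `pinentry-program` in gpg-agent.conf would be `/opt/homebrew/bin/pinentry-mac` rather than the /usr/local path shown earlier.

```sh
#!/bin/sh
# needs_legacy_agent_env VERSION
#   Returns 0 when the given GnuPG version (e.g. "2.0.30") still relies on
#   GPG_AGENT_INFO and --write-env-file, 1 for 2.1 and later.
needs_legacy_agent_env() {
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%.*}
    [ "$major" -lt 2 ] || { [ "$major" -eq 2 ] && [ "$minor" -lt 1 ]; }
}

# First line of `gpg --version` is "gpg (GnuPG) X.Y.Z"; empty if gpg is absent.
gpg_version=$(gpg --version 2>/dev/null | awk 'NR == 1 { print $3 }')

if [ -n "$gpg_version" ]; then
    if needs_legacy_agent_env "$gpg_version"; then
        # GnuPG 2.0: the mechanism from the article.
        if [ -f ~/.gnupg/.gpg-agent-info ] && [ -n "$(pgrep gpg-agent)" ]; then
            . ~/.gnupg/.gpg-agent-info
            export GPG_AGENT_INFO
        else
            eval "$(gpg-agent --daemon --write-env-file ~/.gnupg/.gpg-agent-info)"
        fi
    else
        # GnuPG 2.1+: tell pinentry which terminal to use and make sure the
        # agent is up; gpg finds it via the standard socket on its own.
        export GPG_TTY="$(tty 2>/dev/null)"
        gpgconf --launch gpg-agent >/dev/null 2>&1 || true
    fi
fi
```

With GnuPG 2.1+ the passphrase caching itself is unchanged: pinentry-mac still offers to store the passphrase in the login keychain, and gpg-agent caches it for the lifetime set by `default-cache-ttl` in gpg-agent.conf.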
# The same pattern for ssh-agent: reuse a running agent, otherwise start one and load the key.
env=~/.ssh/agent.env

agent_load_env () { test -f "$env" && . "$env" >| /dev/null ; }

agent_start () {
    (umask 077; ssh-agent >| "$env")
    . "$env" >| /dev/null ; }

agent_load_env

# agent_run_state: 0=agent running w/ key; 1=agent w/o key; 2=agent not running
agent_run_state=$(ssh-add -l >| /dev/null 2>&1; echo $?)

if [ ! "$SSH_AUTH_SOCK" ] || [ $agent_run_state = 2 ]; then
    agent_start
    ssh-add
elif [ "$SSH_AUTH_SOCK" ] && [ $agent_run_state = 1 ]; then
    ssh-add
fi

unset env

Timmy, Lead Front-End Engineer at Pylon AI, jQuery Core Team Lead
