Skip to content

Instantly share code, notes, and snippets.

@FlameWolf

FlameWolf/signing-git-commits.md

Last active October 14, 2024 13:48
Show Gist options
  • Save FlameWolf/fb9ea5b68a2f8c150f17f3211931ad63 to your computer and use it in GitHub Desktop.
Save FlameWolf/fb9ea5b68a2f8c150f17f3211931ad63 to your computer and use it in GitHub Desktop.
Download ZIP
How to sign Git commits
Raw
signing-git-commits.md

How to sign Git commits

  1. Install GPG4Win and Git for Windows.

  2. Set up Git to use GPG4Win.

    git config --global gpg.program "<path to gpg.exe>"

  3. Generate key.

    gpg --full-generate-key
    Prompt Response
    Please select what kind of key you want: 1 (RSA and RSA)
    What keysize do you want? 4096
    Please specify how long the key should be valid. 0 (key does not expire)
    Real name: <whatever>
    Email address: <your github.com email address> (EXTREMELY IMPORTANT; KEY WILL NOT WORK UNLESS VERIFIED EMAIL ADDRESS FOR YOUR GITHUB ACCOUNT IS PROVIDED HERE)
    Comment: <whatever>

    GPG will prompt for a password; you can enter a password or leave it blank if you're not going to share the key.

  4. Find the key name.

    gpg --list-secret-keys --keyid-format LONG

    Output will be displayed like this:

    sec		rsa4096/A4G5F0CC4D23BO0A 2020-12-24 [SC]
		5609CB236509CA012809C1E8A3A3E6FA6C08AC6E
uid					[ultimate] [email protected]
ssb		rsa4096/12E3241AC1A009A2 2020-12-24 [E]

    The part that comes after the / in the first line before the date is your GPG signing key. In this example, it would be A4G5F0CC4D23BO0A.

  5. Export they key for use with GitHub.

    gpg --armor --export A4G5F0CC4D23BO0A

  6. Go to https://github.com/settings/keys and add the key to GitHub.

  7. Tell Git to use your key to sign commits.

    git config --global user.signingkey A4G5F0CC4D23BO0A
git config --global commit.gpgsign true
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment