Skip to content

Instantly share code, notes, and snippets.

@Shinrai

Shinrai/gpg-signing.md

Last active January 5, 2022 19:00
Show Gist options
  • Save Shinrai/63eb85c7e89715a5d2dc9bee0301a8ac to your computer and use it in GitHub Desktop.
Save Shinrai/63eb85c7e89715a5d2dc9bee0301a8ac to your computer and use it in GitHub Desktop.
Download ZIP
Setup GPG with only Git installed (Windows)
Raw
gpg-signing.md

Preface

This gist will walk you through on how to setup GPG signing automatically through git on windows

If you have GNUPG or GPG4WIN installed you will need to uninstall them prior to following this gist.

Step 1

Locate gpg.exe {GPGBIN} {GPGBINFOLDER}

Git ONLY

Open a command line shell In command line shell type the following:

where gpg.exe

Example output:

D:\Tools\Git\usr\bin\gpg.exe

This should point to your GIT install bin directory {GPGBINFOLDER}. For example: D:\Tools\Git\usr\bin

GNUPG (>=2.1)

For GNUPG it's usually:

C:\Program Files (x86)\gnupg\bin\gpg.exe

However it can be found by issueing the command:

gpgconf --list-dirs

Look for the bindir output. %3a is ":" beyond that you'll have your {GPGBINFOLDER}

The location of the gpg.exe file will be used as {GPGBIN} later in this gist

Step 2

This step can be skipped if you chose to keep GNUPG or GPG4WIN and wish to use their version of GPG. However you will still need the {GPGBINFOLDER}

Open system Properties -> Advanced -> Enviroment Variables

Edit Path Variable and add the directory found above. For example: D:\Tools\Git\usr\bin

Restart your command line shell

Once you have restarted your command line shell verify the correct GPG is running but issueing the command:

gpg --help

Step 3

Create your GPG Key

GIT ONLY

{COMMAND}

gpg --gen-key
GNUPG (>=2.1)

{COMMAND}

gpg --full-generate-key

Run the {COMMAND} in your command line shell. Follow the prompts.

What Kind of key: (default: RSA and RSA) [ENTER] Key size: (default: 2048) 4096 [ENTER] Valid period: (default: 0 - doesn't expire) [ENTER]

Now that the basic settings are done we need to specify the Real Name, Email and a comment. Email SHOULD match your git user data.

To check your git user data run the following commands:

git config --global user.name
git config --global user.email

Step 4

Retrieve your GPG Key {GPGKEY} {GPGPARMOR}

gpg --list-secret-keys --keyid-format LONG

Example output:

gpg --list-secret-keys --keyid-format LONG
/c/Users/example/.gnupg/secring.gpg
------------------------------------
sec   4096R/3AA5C34371567BD2 2018-04-04
uid                          [REAL NAME] ([COMMENT]) [EMAIL]
ssb   4096R/42B317FD4BA89E7A 2018-04-04

In the above example the {GPGKEY} would be 3AA5C34371567BD2. It's the HEXDEC in the sec line

Run the following command to retrieve your {GPGPARMOR}

gpg --armor --export {GPGKEY}

Step 5

Setup Github to accept the GPGKey

Go to https://github.com/settings/keys Click "New GPG Key" Paste your {GPGARMOR} into the text field and submit

Step 6

Setup Git

Run the following commands:

git config --global user.signingkey {GPGKEY}
git config --global gpg.program {GPGBIN}
git config --global commit.gpgsign true

Step 6

Profit

Now your all setup to run GPG Signed commits

Note: You will need to follow these steps on all computers which you commit on. Personally I use the comment field of the GPG to identify which computer that GPGKey belongs to.

IE an example would be:

Real Name: Nathaniel Hyson
Email: [email protected]
Comment: CLDMV Work PC - Nathaniel

This information is available via the User ID Packet (userID) of the Public Key. Although Github does not support showing this information it is there none the less.

The Public GPG Key Data can be viewed from the following tool: http://cirw.in/gpg-decoder/

@cgbosse
Copy link

cgbosse commented Sep 30, 2021

Thank you.
This has helped tremendously.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment