Install the gpg package: sudo apt install gpg
Install the following packages with brew: brew install gnupg pinentry-mac
Then add the following configuration to ~/.gnupg/gpg-agent.conf:
# run only the line that matches your machine
# macos with intel
echo "pinentry-program /usr/local/bin/pinentry-mac" >> ~/.gnupg/gpg-agent.conf
# macos with apple silicon
echo "pinentry-program /opt/homebrew/bin/pinentry-mac" >> ~/.gnupg/gpg-agent.conf
# restart the gpg-agent to apply the new changes
killall gpg-agent
# to fix the possible warning related to unsafe permissions on '~/.gnupg':
# directories must be 700 and files 600 (a plain chmod 600 on ~/.gnupg/* would
# also hit the subdirectories, e.g. private-keys-v1.d, and make them unreadable)
chown -R "$(whoami)" ~/.gnupg/
find ~/.gnupg -type d -exec chmod 700 {} +
find ~/.gnupg -type f -exec chmod 600 {} +
Optionally, add this line to your .zshrc to enter the key's passphrase through the terminal interface instead of using pinentry-mac: export GPG_TTY=$(tty)
# start the generation process
gpg --full-generate-key
# right after, answer the prompts in order with
1       # kind of key: RSA and RSA
4096    # key size in bits
0       # validity: the key does not expire
y       # confirm the choices above
# full name
# email
# a comment for tracking the key (like the git username)
o       # (O)kay: confirm the user id
# at this point, a passphrase will be required
# generate a new one and save it somewhere safe
# double check that the new key is available and annotate its id
gpg --list-secret-keys --keyid-format=long
gpg --list-keys --keyid-format=long
# copy the public key into the clipboard using the id as reference
gpg --armor --export gpg-id-here | xclip -selection clipboard # linux
gpg --armor --export gpg-id-here | pbcopy # macos
# finally paste the public gpg key into the corresponding git server account (e.g. GitHub)
# a git server instance usually exposes each user's gpg public key, if available, at a url like:
# https://www.github.com/user-name.gpg
# keep in mind that whenever we use our key the passphrase will be required;
# it can be stored inside the keychain and retrieved automatically at user login
By default Git won't sign our commits or tags. To do so, we need to edit ~/.gitconfig in the following way:
[user]
name = your-full-name-from-the-key
email = your-email-from-the-key
signingkey = your-email-from-the-key
[commit]
gpgsign = true
[tag]
gpgSign = true
This configuration turns every plain git commit into git commit -S by default (and tags are signed the same way). Note that signingkey also accepts the long key id shown by gpg --list-secret-keys --keyid-format=long, which avoids ambiguity when more than one key carries the same email.
# export
gpg -a --export >mypubkeys.asc
gpg -a --export-secret-keys >myprivatekeys.asc
gpg --export-ownertrust >otrust.txt
# import
gpg --import myprivatekeys.asc
gpg --import mypubkeys.asc
gpg --import-ownertrust otrust.txt
# final check
gpg -K
gpg -k
# list all available gpg keys
gpg --list-secret-keys --keyid-format=long
gpg --list-keys --keyid-format=long
# delete a gpg key
gpg --delete-secret-key gpg-id-here
gpg --delete-key gpg-id-here
# test gpg signing process
echo "Hello" | gpg --clearsign
echo "Hello" | gpg -s
# show commits with their signature, if available
git log --show-signature
# import a public gpg key from a github account (e.g. web-flow)
curl https://github.com/web-flow.gpg | gpg --import
gpg --edit-key [email protected] trust quit
# at the trust prompt, set level 4 (full trust) and you're done
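Two of the steps above, picking the key id to use as signingkey (rather than an email, which can match several keys) and checking a downloaded key before raising its trust level, are easier to script from GnuPG's machine-readable listing. The helpers below are an added example, not part of the original notes: the function names, the sample listing and every key id and fingerprint in it are constructed; the record layout is that of real `gpg --with-colons` output.

```shell
#!/usr/bin/env sh
# Added example (not from the original notes). Parses the machine-readable
# listing printed by `gpg --with-colons --list-secret-keys` / `--list-keys`:
# record type in field 1, validity in field 2 (e = expired, r = revoked),
# long key ID in field 5, capabilities in field 12 (uppercase S = can sign),
# user ID in field 10 of uid records, fingerprint in field 10 of fpr records.

# Print the long key ID of the first usable (not expired/revoked/disabled,
# signing-capable) key whose user ID contains <email>. Listing on stdin.
gpg_signing_key_for_email() {
  awk -F: -v email="$1" '
    $1 == "sec" || $1 == "pub" {
      keyid = $5
      usable = ($2 != "e" && $2 != "r" && $2 != "d" && $2 != "i") && index($12, "S") > 0
    }
    $1 == "uid" && usable && index($10, "<" email ">") > 0 { print keyid; exit }
  '
}

# Succeed only when the listing on stdin contains a key with exactly the given
# fingerprint (spaces and case ignored): check this before `--edit-key ... trust`
# on a key fetched over the network.
gpg_listing_has_fingerprint() {
  want=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
  awk -F: -v want="$want" '$1 == "fpr" && $10 == want { found = 1 } END { exit found ? 0 : 1 }'
}

# Constructed sample listing: an expired key and a usable key sharing one email.
SAMPLE_LISTING='sec:e:4096:1:1111222233334444:1500000000:1600000000::u:::scESC:::+:::23::0:
fpr:::::::::BBBBBBBBBBBBBBBBBBBBBBBB1111222233334444:
uid:e::::1500000000::BBBB::Jane Doe (old) <jane@example.com>::::::::::0:
sec:u:4096:1:0123456789ABCDEF:1700000000:::u:::scESC:::+:::23::0:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAA0123456789ABCDEF:
uid:u::::1700000000::AAAA::Jane Doe (git) <jane@example.com>::::::::::0:
ssb:u:4096:1:FEDCBA9876543210:1700000000::::::e:::+:::23:'

# Real use:
#   gpg --with-colons --list-secret-keys | gpg_signing_key_for_email you@example.com
#   gpg --with-colons --list-keys | gpg_listing_has_fingerprint "$EXPECTED_FPR" && gpg --edit-key ...
printf '%s\n' "$SAMPLE_LISTING" | gpg_signing_key_for_email jane@example.com   # prints 0123456789ABCDEF
```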