Install Keybase: https://keybase.io/download and Ensure the keybase cli is in your PATH
First get the public key
keybase pgp export | gpg --import
Next get the private key
keybase pgp export --secret | gpg --allow-secret-key --import
Verify progress:
gpg --list-secret-keys
Looks for something like
sec 4096R/C9D8E1A1 2017-02-16 [expires: 2033-02-12]
uid Sean Escriva <[email protected]>
ssb 4096R/CC67212E 2017-02-16
The email address should match your Github email.
The C9D8E1A1 part is what you need next. By default this key is untrusted, so we'll fix that.
To edit trust:
$ gpg --edit-key C9D8E1A1
gpg> trust
Please decide how far you trust this user to correctly verify other users' keys
(by looking at passports, checking fingerprints from different sources, etc.)
1 = I don't know or won't say
2 = I do NOT trust
3 = I trust marginally
4 = I trust fully
5 = I trust ultimately
m = back to the main menu
Your decision? 5
Do you really want to set this key to ultimate trust? (y/N) y
There are many levels of trust so choose what you're comfortable with.
$ git config --global user.signingkey C9D8E1A1
$ git config --global commit.gpgsign true
Now add it to your Github profile:
gpg --armor --export C9D8E1A1 | xclip
Add it to your GitHub profile under Settings/SSH and GPG keys.
Replace xclip with clip or pbcopy for your current platform.
Use gpg agent if you don't want to enter the password every time.
brew install gpg-agent pinentry-mac
Modify your gpg agent config
# ~/.gnupg/gpg-agent.conf
# Connects gpg-agent to the OSX keychain via the brew-installed
# pinentry program from GPGtools. This is the OSX 'magic sauce',
# allowing the gpg key's passphrase to be stored in the login
# keychain, enabling automatic key signing.
pinentry-program /usr/local/bin/pinentry-mac
Modify your gpg config
# ~/.gnupg/gpg.conf
use-agent
default-key XXXXXXXXXXXX
View signed commits with : git log --show-signature -1