GPG signing with Git and Github Desktop (Windows)

gpg-signing.md

Hi Github users,

You can now signed your commits on Github using at least Git v2.33.0 and Github Desktop 3.0.2.

1. Install GnuPG (Gpg4win): https://gnupg.org/download/index.html

2. Generate a GPG key and add it to Github: https://help.github.com/articles/generating-a-new-gpg-key (if you don't want to type a passphrase on every commit, you need to press "Enter" when the console will prompt you to type a passphrase)

3. Configure Git properly by editing the .gitconfig file using the command line git config --global --edit in a terminal or edit manually (C:\Users\%username%\.gitconfig), then replace YOUR_USERNAME, YOUR_GITHUB_EMAIL and YOUR_SIGNING_KEY with your data

[user]
	name = YOUR_USERNAME
	email = YOUR_GITHUB_EMAIL
	signingkey = YOUR_SIGNING_KEY
[gpg]
	program = "C:\\Program Files (x86)\\GnuPG\\bin\\gpg.exe"
[commit]
	gpgsign = true

• YOUR_GITHUB_EMAIL: the email address used to login on Github or private no-reply email
• YOUR_SIGNING_KEY: the GPG key used to sign commits, should follow the GPG key ID convention, like this example: https://help.github.com/articles/telling-git-about-your-signing-key/#telling-git-about-your-gpg-key-1

3. Enjoy signed commits with your favorite code editor!

Note that you can temporary disable GPG signed commits by setting gpgsign = false in your .gitconfig file with git config --global commit.gpgsign false

That's all! 🚀