Hi Github users,
You can now signed your commits on Github using at least Git 2.18.0 and Github Desktop 1.6.1.
-
Generate a GPG key and add it to Github: https://help.github.com/articles/generating-a-new-gpg-key (if you don't want to type a passphrase on every commit, you need to press "Enter" when the console will prompt you to type a passphrase)
-
Configure Git properly by editing the
.gitconfigfile using the command linegit config --global --editin a terminal, then replace YOUR_GITHUB_EMAIL, YOUR_SIGNING_KEY and GPG_BINARY_PATH with your data
[user]
name = Xavier Foucrier
email = YOUR_GITHUB_EMAIL
signingkey = YOUR_SIGNING_KEY
[gpg]
program = GPG_BINARY_PATH
[commit]
gpgsign = true- YOUR_GITHUB_EMAIL: the email address used to login on Github
- YOUR_SIGNING_KEY: the GPG key used to sign commits, should follow the GPG key ID convention, like this example: https://help.github.com/articles/telling-git-about-your-signing-key/#telling-git-about-your-gpg-key-1
- GPG_BINARY_PATH: the GPG binary file path, depending on your Git install and your operating system:
- Windows:
gpg,gpg.exeorC:\\Program Files\\Git\\usr\\bin\\gpg.exe(can be found usingwhere gpgin a terminal) - Mac or Linux:
gpgor/usr/local/bin/gpg(can be found usingwhich gpgin a terminal)
- Windows:
- Enjoy signed commits with your favorite code editor!
Note that you can temporary disable GPG signed commits by setting
gpgsign = falsein your.gitconfigfile withgit config --global commit.gpgsign false
That's all folks! 🎉