@engalar
Forked from alopresto/gpg_git_signing.md
Last active May 10, 2018 05:12
Steps to enable GPG signing of git commits.

If anyone is interested in setting up their system to automatically (or manually) sign their git commits with their GPG key, here are the steps:

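Windows

cd "C:\Program Files (x86)\GNU\GnuPG"
.\gpg.exe --gen-key # choose a 4096-bit key when prompted (GnuPG 2.1+ only asks for the size with --full-generate-key)
.\gpg.exe --list-secret-keys --keyid-format LONG
# replace 3AA5C34371567BD2 with your own long key ID from the listing above
.\gpg.exe --armor --export 3AA5C34371567BD2

Linux

gpg --gen-key # choose a 4096-bit key when prompted (GnuPG 2.1+ only asks for the size with --full-generate-key)
gpg --list-secret-keys --keyid-format LONG
# replace 3AA5C34371567BD2 with your own long key ID from the listing above
gpg --armor --export 3AA5C34371567BD2
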
  1. Generate and add your key to GitHub
  2. $ git config --global commit.gpgsign true ([OPTIONAL] every commit will now be signed)
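  3. $ git config --global user.signingkey ABCDEF01 (where ABCDEF01 is the ID of the key to use; prefer the long key ID listed by --list-secret-keys --keyid-format LONG, since 8-character short IDs can collide)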
  4. $ git config --global alias.logs "log --show-signature" (now available as $ git logs)
  5. $ git config --global alias.cis "commit -S" (optional if global signing is false)
  6. $ echo "Some content" >> example.txt
  7. $ git add example.txt
  8. $ git cis -m "This commit is signed by a GPG key." (regular commit will work if global signing is enabled)
  9. $ git logs
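
Step 9 displays signatures for a person to read. As an added example (not part of the original gist), the function below classifies each commit from git's %G? and %GK format placeholders and exits non-zero if any commit is unsigned, fails verification, or is signed by a key other than the expected one. The sample hashes are constructed, and the assumption that %GK prints the long key ID is noted in the comments.

```bash
#!/usr/bin/env bash
# Added example: audit signature status for a range of commits.
# Input: one commit per line as "<hash> <status> <key id>", produced by
#   git log --format='%H %G? %GK'
# %G? status letters (git pretty-format): G good, B bad, U good but unknown
# validity, X/Y expired signature or key, R revoked key, E cannot be checked
# (public key missing), N no signature. %GK is empty for unsigned commits.
# Assumption: %GK prints the same 16-character long key ID that
# "gpg --list-secret-keys --keyid-format LONG" shows.

audit_signatures() {
  # $1 = long key ID the commits are expected to be signed with
  awk -v want="$1" '
    {
      hash = $1; status = $2; key = (NF >= 3 ? $3 : "-")
      if      (status == "N")      verdict = "UNSIGNED"
      else if (status == "B")      verdict = "BAD-SIGNATURE"
      else if (status == "E")      verdict = "CANNOT-CHECK"
      else if (status ~ /^[XYR]$/) verdict = "EXPIRED-OR-REVOKED"
      else if (status !~ /^[GU]$/) verdict = "UNKNOWN-STATUS"
      else if (key != want)        verdict = "UNEXPECTED-KEY"
      else if (status == "U")      verdict = "OK-UNTRUSTED"
      else                         verdict = "OK"
      print verdict, hash, key
      if (verdict !~ /^OK/) failed++
    }
    END { exit (failed > 0) }'
}

# Constructed sample input (hashes shortened; not from a real repository).
sample_log() {
  cat <<'EOF'
a1b2c3d G 3AA5C34371567BD2
b2c3d4e N
c3d4e5f G 0123456789ABCDEF
d4e5f6a B 3AA5C34371567BD2
e5f6a7b E 3AA5C34371567BD2
EOF
}

# Usage in a repository:
#   git log --format='%H %G? %GK' | audit_signatures 3AA5C34371567BD2
# Self-check on the sample:
#   sample_log | audit_signatures 3AA5C34371567BD2; echo "exit=$?"
```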

IntelliJ IDEA Integration

If you perform git commits through IntelliJ and want them to be signed, add the following line to your ~/.gnupg/gpg.conf file (on Windows, %APPDATA%\gnupg\gpg.conf):

# This option tells gpg not to expect a TTY interface and allows IntelliJ to sign commits
no-tty

Atlassian SourceTree Integration

If you perform git commits through SourceTree and want them to be signed, open Preferences > General and ensure that the GPG Program field has the value set to the directory containing the gpg2 executable, for example /usr/local/MacGPG2/bin. Even if your gpg executable is version 2, the gpg2 executable must be present.

Then click the Settings icon at the top right of a repository window, click the Security icon, and check "Enable GPG key signing for commits" and select the desired key. If you have a default-key setting in ~/.gnupg/gpg.conf, this should be correctly populated already.

Resources
