- Download and install GPG from www.gnupg.org. On Mac, you can install gnupg through Homebrew.
brew install gnupg
- Generate a new GPG Key. You can select the defaults for this command, but it is required that you enter your full name and your email address when needed. The email address must be the same as your verified email address in your GitHub account if you need to push signed commits to this website. Also define a secure password (keep note of it, you will need it later):
gpg --full-generate-key
- Once the key is generated, check the generated keys:
gpg --list-secret-keys --keyid-format LONG
- Take note of the results. In particular, the line starting with "sec", and the text AFTER the first "/" on that line:
gpg --list-secret-keys --keyid-format LONG
/Users/me/.gnupg/secring.gpg
------------------------------------
sec 4096R/3AA5C34371567BD2 2016-03-10 [expires: 2017-03-10]
uid Hubot
ssb 4096R/42B317FD4BA89E7A 2016-03-10
- Generate the ASCII formatted public key for this GPG key ID:
gpg --armor --export 3AA5C34371567BD2
- Copy de generated output including the -----BEGIN PGP PUBLIC KEY BLOCK----- and -----END PGP PUBLIC KEY BLOCK-----.
- Add this ASCII public key to your github account so it accepts signed commits from this GPG Key.
- Configure GPG in your Git configuration:
git config --global user.signingkey 3AA5C34371567BD2
git config --global gpg.program "C:\Program Files (x86)\GnuPG\bin\gpg.exe"
git config --global commit.gpgsign true
- Now you should be able to sign commits:
git commit -S -m "Commit message"
- Just enter the GPG Key's password.
On Mac you can install GNUPG using Homebrew. And to help you with the process of signing a commit, download and install (https://gpgtools.org/)[https://gpgtools.org/].