Need to setup gpg-agent first, on OSX I use keychain (it also does ssh-agent)
$ brew info keychain
keychain: stable 2.8.5
User-friendly front-end to ssh-agent(1)
https://www.funtoo.org/Keychain
/usr/local/Cellar/keychain/2.8.5 (7 files, 108.5KB) *
Built from source on 2018-10-23 at 14:44:08
From: https://github.com/Homebrew/homebrew-core/blob/master/Formula/keychain.rb
==> Analytics
install: 267 (30 days), 841 (90 days), 3,910 (365 days)
install_on_request: 262 (30 days), 817 (90 days), 3,661 (365 days)
build_error: 0 (30 days)brew install gpg gpg2 pinentry-mac
gpg --full-generate-keyUse RSA and RSA with 4096 length.
Once the public/private pairs are generated, find public key ID in sec rsa4096/XXXXXX format and export key block
gpg --list-secret-keys --keyid-format=long
gpg --armor --export XXXXXX
Share or add public key in Github.
Configure terminal to save gpg keyphrase in keychain
mkdir -m 0700 ~/.gnupg
echo "pinentry-program $(brew --prefix)/bin/pinentry-mac" | tee ~/.gnupg/gpg-agent.conf
pkill -TERM gpg-agentClose and reopen shell.
Assuming you've already created or imported a key, select an identity to test:
$ gpg --list-keys --keyid-format=long
/Users/kush/.gnupg/pubring.kbx
------------------------------
sec rsa4096/XXXKEYIDXXX 2022-04-19 [SC] [expires: 2025-10-08]
213F7BD1BE8CE12BB5FCB1DE7752732FEA8BE468
uid [ultimate] Kush Sharma <[email protected]>
ssb rsa4096/XXXXXX 2022-04-19 [E] [expires: 2025-10-08]Test (replace [email protected] with the identity of your certificate):
$ echo test | gpg -e -r [email protected] | gpg -d
gpg: encrypted with rsa4096 key, ID XXXKEYIDXXX, created 2022-04-19
"Kush Sharma <[email protected]>"
testConfigure git for gpg
git config --global commit.gpgsign true
git config --global user.signingkey XXXKEYIDXXX