brew install gpg
brew install --cask gpg-suite
- Install the tools we will need
gpg --list-secret-keys --keyid-format LONG
- Most likely will show no keys
gpg --full-generate-key
- Generate the GPG key we will be using
- Key type should be RSA and RSA
- GitHub requires 4096 bit keys
- HMRC guidance is an expiry time of 12m
- Use your GitHub noreply / privacy email address
- Comment can be left blank
- You will be prompted for a password for the key
- Usual strong password guidelines apply
- Move your mouse around etc. to help the random number generator
gpg --list-secret-keys --keyid-format LONG
- Should now list a key
sec rsa4096/D8FB9722B0213397 2020-03-27 [SC]
- The D8FB9722B0213397 is the key ID we will need
- Your key ID will differ from the one shown here
- We'll refer to D8FB9722B0213397 as <your-key-id-here> for clarity
gpg --armor --export <your-key-id-here> | pbcopy
- Will export the GPG key
- pbcopy copies it straight to the clipboard
- Go to GitHub Keys
- Click Add GPG Key
- Paste in the key and save
- Back in Terminal run
git config --global commit.gpgsign true
- Set GPG signing for all your commits on this machine
git config --global user.signingkey <your-key-id-here>
- Tell git which key to use
git config --global gpg.program /usr/local/MacGPG2/bin/gpg2
- Tell git what app to use for GPG signing
gpgconf --kill gpg-agent
- Restarting the gpg-agent to make sure all settings take effect
- Make some changes and try to commit
- You will be prompted for the password for the GPG key
- Select save in KeyChain and continue
- You've signed a commit successfully
Make sure you don't have conflicting settings in your git config. E.g.
gpg.format=x509
gpg.x509.program=smimesign
Conflicting settings such as the above can be removed by:
git config --global --unset gpg.format
git config --global --unset gpg.x509.program
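
The checks implied by the steps and the conflicting-settings note above, as an added example that is not part of the original page: it audits the text output of git config --global --list and gpg --list-secret-keys --keyid-format LONG. The function names are hypothetical, the sample input is constructed, and user.signingkey is assumed to hold the long key ID.

```shell
# Added example; takes command output as text so it runs on the samples below.
# Print "<algo> <key-id>" per "sec" line of gpg --list-secret-keys --keyid-format LONG.
list_secret_keys() {
  awk '$1 == "sec" { split($2, p, "/"); print p[1], p[2] }'
}

# cfg_get CONFIG_TEXT KEY: value of KEY in git config --list text (last wins).
cfg_get() {
  printf '%s\n' "$1" | awk -v k="$2" '
    index($0, k "=") == 1 { v = substr($0, length(k) + 2) }
    END { print v }'
}

# audit_signing CONFIG_TEXT KEY_LIST_TEXT: one finding per line, returns 0 only when none.
# Assumes user.signingkey holds the long key ID, as in the steps above.
audit_signing() {
  cfg=$1; keys=$2; rc=0
  [ "$(cfg_get "$cfg" commit.gpgsign)" = "true" ] ||
    { echo "commit.gpgsign is not true"; rc=1; }
  fmt=$(cfg_get "$cfg" gpg.format)
  case $fmt in
    ""|openpgp) ;;                       # unset defaults to openpgp
    *) echo "conflict: gpg.format=$fmt"; rc=1 ;;
  esac
  [ -z "$(cfg_get "$cfg" gpg.x509.program)" ] ||
    { echo "conflict: gpg.x509.program is set"; rc=1; }
  id=$(cfg_get "$cfg" user.signingkey)
  algo=$(printf '%s\n' "$keys" | list_secret_keys |
    awk -v id="$id" '$2 == id { print $1 }')
  if [ -z "$id" ]; then
    echo "user.signingkey is not set"; rc=1
  elif [ -z "$algo" ]; then
    echo "no secret key matches user.signingkey $id"; rc=1
  elif [ "$algo" != "rsa4096" ]; then
    echo "key $id is $algo, not rsa4096"; rc=1
  fi
  return $rc
}

# Constructed sample input: the key line shown above plus the conflicting settings.
SAMPLE_KEYS='sec   rsa4096/D8FB9722B0213397 2020-03-27 [SC]'
SAMPLE_CFG='commit.gpgsign=true
user.signingkey=D8FB9722B0213397
gpg.format=x509
gpg.x509.program=smimesign'
audit_signing "$SAMPLE_CFG" "$SAMPLE_KEYS" || echo "signing setup needs attention"
```

On a real machine, call audit_signing "$(git config --global --list)" "$(gpg --list-secret-keys --keyid-format LONG)".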