@ma3574
Last active January 17, 2022 17:09
GPG Signing Commits

Commit Signing - Mac OS

Prerequisites

Commands

  1. brew install gpg && brew install --cask gpg-suite
    • Install the tools we will need
  2. gpg --list-secret-keys --keyid-format LONG
    • Most likely will show no keys
  3. gpg --full-generate-key
    • Generate the GPG key we will be using
    • Key type should be RSA and RSA
    • GitHub requires 4096 bit keys
    • HMRC guidance is an expiry time of 12m
    • Use your GitHub noreply / privacy email address
    • Comment can be left blank
    • You will be prompted for a password for the key
      • Usual strong password guidelines apply
    • Move your mouse around etc. to help the random number generator
  4. gpg --list-secret-keys --keyid-format LONG
    • Should now list a key
    • sec rsa4096/D8FB9722B0213397 2020-03-27 [SC]
    • The D8FB9722B0213397 is the key ID we will need
    • Your key ID will differ from the one shown here
    • We'll refer to D8FB9722B0213397 as <your-key-id-here> for clarity
  5. gpg --armor --export <your-key-id-here> | pbcopy
    • Will export the GPG key
    • pbcopy copies it straight to the clipboard
  6. Go to GitHub Keys
    • Click Add GPG Key
    • Paste in the key and save
  7. Back in Terminal run git config --global commit.gpgsign true
    • Set GPG signing for all your commits on this machine
  8. git config --global user.signingkey <your-key-id-here>
    • Tell git which key to use
  9. git config --global gpg.program /usr/local/MacGPG2/bin/gpg2
    • Tell git what app to use for GPG signing
  10. gpgconf --kill gpg-agent
    • Restarting the gpg-agent to make sure all settings take effect
  11. Make some changes and try to commit
  12. You will be prompted for the password for the GPG key
  13. Select save in Keychain and continue
  14. You've signed a commit successfully

Things to Avoid

Make sure you don't have conflicting settings in your git config. For example:

gpg.format=x509
gpg.x509.program=smimesign

Conflicting settings such as the above can be removed by:

git config --global --unset gpg.format
git config --global --unset gpg.x509.program
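
An added check, not part of the original gist: the function below reads `git config --list` output and reports anything that would stop the setup from steps 7 to 9 working, including the conflicting settings above. The name audit_signing_config is hypothetical, and the sample input is constructed from the values shown on this page.

```shell
#!/bin/sh
# Added example: audit_signing_config is a hypothetical helper, not a git command.
# It reads `git config --list` output (key=value lines) on stdin and returns
# the number of problems found with the signing setup described on this page.
audit_signing_config() {
    gpgsign="" signingkey="" format="" x509prog="" problems=0
    # "|| [ -n "$key" ]" keeps a final line that lacks a trailing newline.
    while IFS='=' read -r key value || [ -n "$key" ]; do
        case "$key" in
            commit.gpgsign)   gpgsign=$value ;;
            user.signingkey)  signingkey=$value ;;
            gpg.format)       format=$value ;;
            gpg.x509.program) x509prog=$value ;;
        esac
    done
    case "$gpgsign" in
        true|yes|on|1) ;;   # spellings git accepts for a true boolean
        *)  echo "FAIL commit.gpgsign is '${gpgsign:-unset}' (step 7 sets it to true)"
            problems=$((problems + 1)) ;;
    esac
    # Assumption: the key is given as a hex key ID, as in step 8; this also
    # catches the literal <your-key-id-here> placeholder being pasted in.
    case "$signingkey" in
        ""|*[!0-9A-Fa-f]*)
            echo "FAIL user.signingkey is '${signingkey:-unset}', expected a hex key ID"
            problems=$((problems + 1)) ;;
    esac
    # openpgp is git's default; any other format makes git call a different signer.
    if [ -n "$format" ] && [ "$format" != "openpgp" ]; then
        echo "FAIL gpg.format=$format conflicts with GPG signing; unset it"
        problems=$((problems + 1))
    fi
    if [ -n "$x509prog" ]; then
        echo "NOTE gpg.x509.program=$x509prog is set; only used when gpg.format=x509"
    fi
    return "$problems"
}

# Constructed sample input: the conflicting settings from "Things to Avoid".
audit_signing_config <<'EOF' || echo "problems found: $?"
commit.gpgsign=true
user.signingkey=D8FB9722B0213397
gpg.format=x509
gpg.x509.program=smimesign
EOF
```

To check your own machine, run `git config --global --list | audit_signing_config`; after committing, `git log --show-signature -1` shows whether the latest commit carries a good signature.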