- `brew install gpg` and `brew install --cask gpg-suite` - Install the tools we will need
- `gpg --list-secret-keys --keyid-format LONG` - Most likely will show no keys
- `gpg --full-generate-key` - Generate the GPG key we will be using
  - Key type should be `RSA and RSA`
  - GitHub requires `4096` bit keys
  - HMRC guidance is an expiry time of `12m`
  - Use your GitHub noreply / privacy email address
  - Comment can be left blank
  - You will be prompted for a password for the key
    - Usual strong password guidelines apply
  - Move your mouse around etc. to help the random number generator
- `gpg --list-secret-keys --keyid-format LONG` - Should now list a key
  - `sec rsa4096/D8FB9722B0213397 2020-03-27 [SC]`
  - The `D8FB9722B0213397` is the key ID we will need
  - Your key ID will differ from the one shown here
  - We'll refer to `D8FB9722B0213397` as `<your-key-id-here>` for clarity
- `gpg --armor --export <your-key-id-here> | pbcopy` - Will export the GPG public key
  - `pbcopy` copies it straight to the clipboard
- Go to GitHub Keys
  - Click `Add GPG Key`
  - Paste in the key and save
- Back in Terminal run
  - `git config --global commit.gpgsign true` - Set GPG signing for all your commits on this machine
  - `git config --global user.signingkey <your-key-id-here>` - Tell `git` which key to use
  - `git config --global gpg.program /usr/local/MacGPG2/bin/gpg2` - Tell `git` what app to use for GPG signing
  - `gpgconf --kill gpg-agent` - Restarting the `gpg-agent` to make sure all settings take effect
- Make some changes and try to commit
  - You will be prompted for the password for the GPG key
  - Select save in KeyChain and continue
- You've signed a commit successfully

Make sure you don't have conflicting settings in your git config, e.g.

```
gpg.format=x509
gpg.x509.program=smimesign
```

Conflicting settings such as the above can be removed with:

```
git config --global --unset gpg.format
git config --global --unset gpg.x509.program
```
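
To check a machine against the steps above, the following added example (not part of the original guide) parses the `gpg --list-secret-keys` output for the key ID and audits `git config --list` output for missing or conflicting signing settings. The function names `secret_key_ids`, `audit_signing_config` and `demo_findings` are hypothetical, and the sample input is constructed from the values shown in this guide.

```bash
#!/bin/sh
# Added example: check git's signing settings against the steps in this guide.

# stdin: output of `gpg --list-secret-keys --keyid-format LONG`
# stdout: one long key ID per secret primary key ("sec" lines only, not "ssb")
secret_key_ids() {
  awk '$1 == "sec" { split($2, part, "/"); print part[2] }'
}

# stdin: `git config --list` output (key=value, later lines win, as in git)
# $1: the key ID commits should be signed with
# stdout: one finding per line; exit status 1 if anything was found
audit_signing_config() {
  awk -F= -v want="$1" '
    {
      key = tolower($1)
      # a key printed without "=" is a valueless boolean, which git reads as true
      cfg[key] = index($0, "=") ? substr($0, length($1) + 2) : "true"
    }
    END {
      bad = 0
      # only the literal value this guide sets is accepted here
      if (cfg["commit.gpgsign"] != "true") {
        print "commit.gpgsign is not true: commits are not signed by default"; bad = 1
      }
      if (cfg["user.signingkey"] == "") {
        print "user.signingkey is not set"; bad = 1
      } else if (toupper(cfg["user.signingkey"]) != toupper(want)) {
        print "user.signingkey is " cfg["user.signingkey"] ", expected " want; bad = 1
      }
      if (("gpg.format" in cfg) && cfg["gpg.format"] != "openpgp") {
        print "gpg.format=" cfg["gpg.format"] " conflicts with GPG signing"; bad = 1
      }
      if ("gpg.x509.program" in cfg) {
        print "gpg.x509.program=" cfg["gpg.x509.program"] " is set (x509 signing leftover)"; bad = 1
      }
      exit bad
    }'
}

# Constructed sample (not from a real machine): the conflicting settings shown above.
demo_findings() {
  printf '%s\n' 'commit.gpgsign=true' 'user.signingkey=D8FB9722B0213397' \
    'gpg.format=x509' 'gpg.x509.program=smimesign' | audit_signing_config D8FB9722B0213397
}
demo_findings || echo "(findings above need fixing)"
```

On a real machine, pipe `gpg --list-secret-keys --keyid-format LONG` into `secret_key_ids`, then pipe `git config --global --list` into `audit_signing_config <your-key-id-here>`.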