gpg --import <path to your private gpg.key>gpg --full-generate-key The recommended choices are:
- Type of the key: RSA
- Key size: at least 4096 bits
- Key validity period: 1 year (it's a good practice to rotate the key once a year)
It is recommended to use the same username and e-mail address that is shown as the author of your commits. Specify the GitHub noreply email address if you plan to use the signature along with the email address privacy features.
gpg --list-keysUse the gpg --list-secret-keys --keyid-format=long command to list the long form of the GPG keys for which you have both a public and private key. A private key is required for signing commits or tags.
gpg --list-secret-keys --keyid-format=longFrom the list of GPG keys, copy the long form of the GPG key ID you'd like to use. In this example, the GPG key ID is 3AA5C34371567BD2:
/Users/hubot/.gnupg/secring.gpg
------------------------------------
sec 4096R/3AA5C34371567BD2 2016-03-10 [expires: 2017-03-10]
uid Hubot <[email protected]>
ssb 4096R/4BB6D45482678BE3 2016-03-10gpg --armor --export 3AA5C34371567BD2
# Prints the GPG key ID, in ASCII armor formatCopy your GPG key, beginning with -----BEGIN PGP PUBLIC KEY BLOCK----- and ending with -----END PGP PUBLIC KEY BLOCK-----.
To set your primary GPG signing key in Git, paste the text below, substituting in the GPG primary key ID you'd like to use. In this example, the GPG key ID is 3AA5C34371567BD2:
git config --global user.signingkey 3AA5C34371567BD2
# Optionally, to configure Git to sign all commits by default, enter the following command:
git config --global commit.gpgsign true