Setting up Git for Windows and Gpg4win (WIP)

setting-up-msysgit-and-gpg4win.md

Setting up Git for Windows and Gpg4win

This article will help you set up your development environment with git and gpg to sign your commits and manage your gpg keys for different personas.

This article will not guide you step by step to install the programms needed, explain how gpg works nor will it tell you why you should sign your git commits.

Prerequisites

• You are on a Windows (7+) system
• You have installed [msysgit]
• You have installed Gpg4win
• You may have already generated your gpg keys with msysgit's gpg or with Gpg4win

Generating your gpg keys

Open %UserProfile%/AppData/Roaming/gnupg/gpg.conf and add the following lines:

personal-digest-preferences SHA256
cert-digest-algo SHA256

The create your keys either with GPA, Kleopatra or on the command line.

Setting up msysgit's gpg

Download and extract iconv.dll to /path/to/Git/bin

Open /path/to/Git/etc/profile and change the following line:
export GNUPGHOME=~/.gnupg
to
export GNUPGHOME="/c/Users/UserName/AppData/Roaming/gnupg"

Open Git bash and enter the following:
$> gpg --list-key
You should now see your keys

If you have generated your keys first with msysgit's gpg (on Git bash) then copy the files under
%UserProfile%/.gnupg to %UserProfile%/AppData/Roaming/gnupg

Export and import your public and secret keys between the two locations, otherwise.

Git Bash uses GPG 1.4.x and Gpg4win uses 2.0.x

TODO

Managing multiple keys in a git repository

by mflatischler under CC-BY-SA

@exoosh's comment explains how to make git use Gpg4win when signing commits/tags. Quoting it here for completeness:

Side-note: in ~/.gitconfig I also (meanwhile) have this because otherwise the gpg command from Git for Windows is going to take precedence:

[gpg]
        program = C:\\Program Files (x86)\\GnuPG\\bin\\gpg.exe

Adjust the installation path as appropriate on your system. (This means the junction point business isn't strictly needed, if you get Git to use the gpg.exe you want)

However, to make gpg commands themselves use Gpg4win in git bash, I found the easiest solution to be simply defining an alias.
That is, add the following line:

# ~/.bashrc (add it if it's not there)
alias gpg='/c/Program\ Files\ \(x86\)/GnuPG/bin/gpg.exe'

Then just source ~/.bashrc or restart git bash to apply this alias. Now commands like gpg --list-keys will give you the same output in git bash or in cmd/PowerShell.

I should note that, with the above commands, @mflatischler's original instructions to install iconv.dll and export GNUPGHOME are unnecessary.

UPDATE: If you use a separate git client, you might need to point that program at the Gpg4win executable for signing as well. I just ran into an issue where GitKraken was set up to use gpg as the GPG program, which is what I what I wanted when making commits from GitKraken, as the gpg command pointed at the Gpg4win executable. However, GitKraken was set up to sync preferences with my global gitconfig, so it overwrote the config change recommended above (and apparently processes started by a shell, like git, don't honor shell aliases).

However, to make gpg commands themselves use Gpg4win in git bash, I found the easiest solution to be simply defining an alias. That is, add the following line:

# ~/.bashrc (add it if it's not there)
alias gpg='/c/Program\ Files\ \(x86\)/GnuPG/bin/gpg.exe'

@Rabadash8820 Good point! Just one remark, depending on the details it may be somewhat more robust to use:

alias gpg="$(printf "%q" "$(cygpath -amF 42)")"'/GnuPG/bin/gpg.exe'

The -F allows you to use one of the folder IDs for well-known shell folders.

PS: originally gave another method, but that turns out to be troublesome thanks to the quoting and escaping requirements by Bash.