Last active May 28, 2024 20:51
Auto sign your git commits
# Generate a new PGP key (prefer gpg2 over gpg in all the commands below):
gpg --gen-key
# Key generation may need extra entropy; if it stalls, create some activity on the system, for example: `find ./* /home/username -type d | xargs grep some_random_string > /dev/null`
# Check current keys:
gpg --list-secret-keys --keyid-format LONG
# See your gpg public key:
gpg --armor --export YOUR_KEY_ID
# YOUR_KEY_ID is the ID after the slash on the `sec` line of the previous command's output (for example, sec 4096R/234FAA343232333 => key ID is 234FAA343232333)
# Set a gpg key for git:
git config --global user.signingkey YOUR_KEY_ID
# To sign a single commit:
git commit -S -a -m "Test a signed commit"
# Auto-sign all commits globally:
git config --global commit.gpgsign true
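An added example, not part of the gist: the gist reads the key ID off the `sec` line by hand, and this script does the same from the listing, choosing the key whose uid carries a given e-mail and skipping expired or revoked keys. It goes slightly beyond the gist by accepting both the older `4096R/ID` and the newer `rsa4096/ID` layouts; the function names and the sample listing are constructed for illustration.

```bash
#!/bin/sh
# Added example: extract the signing key ID from the output of
#   gpg --list-secret-keys --keyid-format LONG
# Function names and the sample listing are constructed for illustration.

# Reads a listing on stdin and prints "KEYID<TAB>uid" for each usable primary
# secret key. Accepts "4096R/ID" (older gpg) and "rsa4096/ID" (gpg 2.1+).
list_signing_keys() {
  awk '
    $1 == "sec" {
      keyid = ""
      if ($0 ~ /\[(expired|revoked):/) next  # cannot make new signatures
      split($2, parts, "/")                  # "rsa4096/ID" -> parts[2] is ID
      keyid = parts[2]
      next
    }
    $1 == "uid" && keyid != "" {
      uid = $0
      sub(/^uid[ \t]+(\[[^]]*\][ \t]*)?/, "", uid)  # drop "uid", "[ultimate]"
      printf "%s\t%s\n", keyid, uid
    }
  '
}

# Prints the ID of the first usable key whose uid carries the e-mail in $1;
# returns non-zero when no such key exists.
key_for_email() {
  list_signing_keys | awk -F '\t' -v want="<$1>" '
    index($2, want) { print $1; found = 1; exit }
    END { exit !found }
  '
}

# Constructed sample listing (not real keys).
sample_listing() {
  cat <<'EOF'
sec   rsa4096/1111AAAA2222BBBB 2019-01-01 [SC] [expired: 2021-01-01]
uid                 [ expired] Alice Example <alice@example.com>

sec   rsa4096/3333CCCC4444DDDD 2023-05-01 [SC] [expires: 2030-05-01]
uid                 [ultimate] Alice Example <alice@example.com>
ssb   rsa4096/5555EEEE6666FFFF 2023-05-01 [E]

sec   4096R/7777AAAA8888BBBB 2016-03-10
uid                  Bob Example <bob@example.org>
EOF
}

sample_listing | key_for_email alice@example.com
```

Against a real keyring, pipe `gpg --list-secret-keys --keyid-format LONG` into `key_for_email "$(git config user.email)"` and pass the result to `git config user.signingkey`.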
If you do not want to sign local commits, as you might be rebasing etc. a lot, use the following to auto-sign only commits that you push out:
git config --global push.gpgSign true
Remove `--global` to make it a per-project configuration.
In case of the error `gpg: signing failed: Inappropriate ioctl for device` while signing a commit, use `export GPG_TTY=$(tty)` in your ~/.bashrc or ~/.zshrc file.
Cache your password for 1 day (86400 seconds)
~/.gnupg/gpg-agent.conf (for gpg 2)
default-cache-ttl 86400
max-cache-ttl 86400
Reload gpg agent:
gpgconf --reload gpg-agent
Very helpful. Thank you!
As a sidenote, I wanted to sign with my keybase key:
keybase pgp export | gpg --import
keybase pgp export -q KEYID --secret | gpg --import --allow-secret-key-import
git config --global user.signingkey KEYID
Thanks,
I also had to do the following:
git config --global gpg.program gpg2
And also needed this in my bashrc otherwise it fails when asking for password (see keybase/keybase-issues#2798):
export GPG_TTY=$(tty)
gpg --list-keys
You always digitally sign with your private key, not the public.
Thanks. It can also be useful to generate your key interactively using `gpg --full-generate-key --allow-freeform-uid` instead of `gpg --gen-key`.