Skip to content

Instantly share code, notes, and snippets.

@zanonnicola
Forked from ankurk91/github_gpg_key.md
Created March 26, 2018 11:40
Show Gist options
  • Save zanonnicola/6647d54a3884e0ffc994ce11382a7e75 to your computer and use it in GitHub Desktop.
Save zanonnicola/6647d54a3884e0ffc994ce11382a7e75 to your computer and use it in GitHub Desktop.
Github : Signing commits using GPG (Ubuntu/Mac)

Github : Signing commits using GPG (Ubuntu/Mac) 🔐

  • Do you have an Github account ? If not create one.
  • Install required tools
  • Latest Git Client
  • gpg tools
# Ubuntu
sudo apt-get install gpa seahorse
# Mac
brew install gpg
  • Generate a new gpg key
gpg --gen-key
  • Answer the questions asked

Note: When asked to enter your email address, ensure that you enter the verified email address for your GitHub account.

  • List generated key
gpg --list-secret-keys --keyid-format LONG
  • Above command should return like this
/home/username/.gnupg/secring.gpg
-------------------------------
sec   4096R/<COPY_LONG_KEY> 2016-08-11 [expires: 2018-08-11]
uid                          User Name <[email protected]>
ssb   4096R/62E5B29EEA7145E 2016-08-11

  • Note down your key COPY_LONG_KEY from above
  • Export this (public) key to a text file
gpg --armor --export <PASTE_LONG_KEY_HERE> > gpg-key.txt
  • Above command will create a new txt file gpg-key.txt

  • Add this key to GitHub

  • Login to Github and goto profile settings

  • Click New GPG Key and paste the content of gpg-key.txt file then save

  • Tell git client to auto sign your future commits

  • Run this command

gpg --list-keys
  • Above command should return like this -
/home/username/.gnupg/pubring.gpg
-------------------------------
pub   4096R/<COPY_SHORT_KEY> 2016-08-11 [expires: 2018-08-11]
uid                  Your Name <[email protected]>
sub   4096R/EB61969F 2016-08-11 [expires: 2017-08-11]
  • Copy the short key from above and use this in command below
git config --global user.signingKey <PASTE_SHORT_KEY_HERE>
git config --global commit.gpgsign true
  • You are done, next time when you commit changes; gpg will ask you the passphrase.

Make gpg remember your passphrase (tricky)

To make it remember your password, you can use gpg-agent

Edit your ~/.gnupg/gpg-agent.conf file and paste these lines

default-cache-ttl 28800
max-cache-ttl 28800

28800 seconds means 8 hours

If gpg-agent is not running you can start it with this command

gpg-agent --daemon

Change your key passphrase

gpg --edit-key <PASTE_YOUR_KEY_ID_HERE>

At the gpg prompt type:

passwd

Type in the current passphrase when prompted
Type in the new passphrase twice when prompted
Type:

save

Reference Links

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment