rflx

Signing Git Commits

Signing git commits isn’t required, but may be useful.

You need the latest version of gpg and git.

First of all, check for any existing GPG keys.

gpg --list-secret-keys --keyid-format LONG

If you already have a key, skip to the step “Adding a GPG key To The Git Config”.

Generating a GPG key

gpg --full-generate-key

Adding a GPG key To The Git Config

gpg --list-secret-keys --keyid-format LONG

In the output you will get something like this.

/home/username/.gnupg/pubring.kbx
---------------------------------
sec   rsa4096/3AECA5CB534A6EC1 2020-08-23 [SC]
      660E4AX26551B46A934F34033AECA4CA534E6EC4
uid                 YourName <YourEmail>
ssb   rsa4096/0975A0AGC9C00831 2020-08-23 [E]

From the output, choose the key you would like to use (3AECA5CB534A6EC1 in the example) and set it in the global git config.

git config --global user.signingkey 3AECA5CB534A6EC1

Export GPG_TTY from your shell profile so that gpg can prompt for the key's passphrase on your terminal:

test -r ~/.bash_profile && echo 'export GPG_TTY=$(tty)' >> ~/.bash_profile
echo 'export GPG_TTY=$(tty)' >> ~/.profile

And set commit.gpgsign in git config to true:

git config --global commit.gpgsign true

Now your GPG key has been added to the git config.
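
When choosing the ID for user.signingkey, only a secret key that can sign and is not expired, revoked or disabled will work; the `[E]` subkey in the listing above, for instance, is encryption-only. The following is an added example, not part of the original page, that checks a candidate ID against gpg's machine-readable `--with-colons` listing instead of the human-readable one shown earlier. The function names and the sample records are constructed for illustration, and the ID is assumed to be a long key ID as used above.

```shell
#!/bin/sh
# Added example, not from the original page. Both functions read the output of
#   gpg --list-secret-keys --with-colons
# on stdin. Colon-format fields used: 1=record type, 2=validity, 5=long key ID,
# 7=expiry (epoch seconds, empty = never), 12=capabilities.

# classify_keys NOW_EPOCH -> "<keyid> <sec|ssb> <status>" per secret (sub)key
classify_keys() {
  awk -F: -v now="$1" '
    $1 == "sec" || $1 == "ssb" {
      status = "ok"
      # Primary key: upper-case S means the key as a whole can sign.
      # Subkey: lower-case s means this subkey itself can sign.
      want = ($1 == "sec") ? "S" : "s"
      if (index($12, want) == 0) status = "cannot-sign"
      if (index($12, "D") > 0)   status = "disabled"
      if ($2 == "r")             status = "revoked"
      if ($2 == "e" || ($7 != "" && $7 + 0 <= now + 0)) status = "expired"
      print $5, $1, status
    }'
}

# signing_key_status KEYID NOW_EPOCH -> status of the ID meant for user.signingkey
signing_key_status() {
  classify_keys "$2" | awk -v id="$1" '
    # Appending "" forces a string comparison, so all-digit IDs are not
    # compared as (lossy) floating-point numbers.
    ($1 "") == (id "") { print $3; found = 1 }
    END                { if (!found) print "not-in-keyring" }'
}

# Constructed sample listing (only the first key ID comes from the page).
SAMPLE_LISTING='sec:u:4096:1:3AECA5CB534A6EC1:1598140800:::u:::scESC:::+:::23::0:
uid:u::::1598140800::0000::YourName <YourEmail>::::::::::0:
ssb:u:4096:1:AAAAAAAAAAAAAAAA:1598140800::::::e:::+:::23:
sec:e:4096:1:BBBBBBBBBBBBBBBB:1400000000:1500000000::u:::sc:::+:::23::0:
uid:e::::1400000000::0000::Old Key <old@example.invalid>::::::::::0:'

# Against the real keyring:
#   gpg --list-secret-keys --with-colons |
#     signing_key_status "$(git config user.signingkey)" "$(date +%s)"
```

Any result other than `ok` for the configured ID means gpg will refuse to sign with it.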

Adding a GPG key to a GitHub account

If you want to use your key with GitHub, see the documentation.

You can find additional information about signing commits in the GitHub documentation.