homepage: https://webinstall.dev/git-gpg-init

Get your GnuPG Public Key.

> Although the latest git release allows you to sign with SSH Keys (and GitHub
> will implement this shortly if it hasn't already), most systems do not have
> the latest git release, and most verification systems are not updated with the
> newest verification techniques, so you may wish to sign your commits with GPG,
> as has been done for the last 20 years...

- How to [add a GPG key to GitHub](https://github.com/settings/gpg/new)
- How to cache the passphrase longer
- How to [create a GPG key](./gpg-pubkey)
- How to configure git with GPG signing
- Troubleshooting 'gpg failed to sign the data'

```text
GnuPG Public Key ID: CA025BC42F00BBBE

-----BEGIN PGP PUBLIC KEY BLOCK-----

mQGNBGGQtKIBDAChxTT375fetQawLkyyDcz07uIEZVa9pvuip8goMqev7PkOIHi+
j6PDtFmxgv8ZOFe8+1RfMC7eL5fYah0/OBxNm7pPvAPDWOX38FfUzoq9CALW2xPD
Yee+eokiC2mWIEkMwbqlnNmkX/wphS0zcCsEiHirmDxgY6YY9QRjlzUMY68OqjfJ
IFjFWv3R7eckM957wyR5BvdQNfGrW7cWefWhdZOzLEE7

-----END PGP PUBLIC KEY BLOCK-----

Successfully updated ~/.gitconfig for gpg commit signing

How to verify signed commits on GitHub:

1. Go to 'Add GPG Key': https://github.com/settings/gpg/new
2. Copy and paste the key above from the first ---- to the last ----
```

These are the files / directories that are created and/or modified with this

```text
~/.config/envman/PATH.env
~/.local/bin/git-gpg-init
~/Downloads/YOU.KEY_ID.gpg.asc
```

### How to add your GPG Public Key to GitHub

1. Go to your GitHub Profile (<https://github.com/settings/profile>)
2. Go to the SSH and GPG Keys (<https://github.com/settings/keys>)
3. Add GPG Key (<https://github.com/settings/gpg/new>)
4. Paste the output of `gpg-pubkey` into the form

### How to cache the Passphrase longer

If you'd like the passphrase to be cached until your login session ends, just
set it to 400 days and call it good.

`~/.gnupg/gpg-agent.conf`:

```text
default-cache-ttl 34560000
max-cache-ttl 34560000
```

You'll need to reload `gpg-agent` for this to take effect, or just log out and

```sh
# stop the running gpg-agent
gpgconf --kill gpg-agent

# start gpg-agent again (yes, 'bye' to start)
gpg-connect-agent --agent-program ~/.local/opt/gnupg/bin/gpg-agent /bye
```

Note: You may need to change or omit `--agent-program`, depending on how you
installed `gpg` (if you installed it with Webi, run it as shown above).
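
Why both options are set above, as an added example (not part of the original page or of Webi's code): the sketch reads a `gpg-agent.conf`, applies gpg-agent's documented defaults (600 s and 7200 s) for unset options, and reports how long a passphrase can stay cached. The function names, the constructed sample files and the last-occurrence-wins rule are assumptions of the example.

```sh
#!/bin/sh
# Added example: how long gpg-agent may keep a passphrase cached for a given
# gpg-agent.conf. Fallbacks are gpg-agent's documented defaults.
DEFAULT_TTL=600     # default-cache-ttl when unset (seconds)
MAX_TTL=7200        # max-cache-ttl when unset (seconds)

# agent_ttl FILE OPTION FALLBACK: print OPTION's value, or FALLBACK if unset.
# Assumption of this sketch: if an option is repeated, the last one is used.
agent_ttl() {
    awk -v opt="$2" -v fallback="$3" '
        /^[ \t]*#/ { next }                          # comment line
        $1 == opt && $2 ~ /^[0-9]+$/ { val = $2 }    # "option seconds"
        END { print (val == "" ? fallback : val) }
    ' "$1"
}

# hard_limit FILE: seconds after which an entry expires even if used often.
hard_limit() { agent_ttl "$1" max-cache-ttl "$MAX_TTL"; }

# idle_timeout FILE: seconds an unused entry survives. The idle timer is
# default-cache-ttl, but it can never outlive max-cache-ttl.
idle_timeout() {
    idle=$(agent_ttl "$1" default-cache-ttl "$DEFAULT_TTL")
    limit=$(hard_limit "$1")
    if [ "$idle" -lt "$limit" ]; then echo "$idle"; else echo "$limit"; fi
}

# report FILE: one-line summary in seconds and whole days.
report() {
    i=$(idle_timeout "$1"); h=$(hard_limit "$1")
    echo "$1: idle ${i}s ($((i / 86400))d), hard limit ${h}s ($((h / 86400))d)"
}

# Constructed sample configs: the page's settings, and a variant that raises
# only default-cache-ttl and so stays capped by the 2-hour max-cache-ttl.
tmp=$(mktemp -d)
printf 'default-cache-ttl 34560000\nmax-cache-ttl 34560000\n' > "$tmp/both.conf"
printf '# only one knob raised\ndefault-cache-ttl 34560000\n' > "$tmp/one.conf"
report "$tmp/both.conf"
report "$tmp/one.conf"
rm -rf "$tmp"
```

Point `report` at your own `~/.gnupg/gpg-agent.conf` to see the cache lifetime your signing key's passphrase actually gets.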

### How to create a GPG Key

- [gpg-pubkey](./gpg-pubkey)
- and [gpg](./gpg), if you want to do it "the hard way"

### How to manually set up git commit gpg signing

(this is what `git-gpg-init` does)

Run [gpg-pubkey-id](./gpg-pubkey) to get your GnuPG Public Key ID and then
update your `~/.gitconfig` to sign with it by default:

```sh
# capture the key ID printed by gpg-pubkey-id
MY_KEY_ID="$(gpg-pubkey-id)"
git config --global user.signingkey "${MY_KEY_ID}"
git config --global commit.gpgsign true
git config --global log.showSignature true
```

Or, for Windows users:

```powershell
$my_key_id = gpg-pubkey-id

git config --global user.signingkey "$my_key_id"
git config --global commit.gpgsign true
git config --global log.showSignature true
```

Or, if you prefer to edit the text file directly:

```ini
[user]
  signingkey = CA025BC42F00BBBE
```

In some cases you may also want to prevent conflicts between different installed
versions of gpg, like so:

```sh
git config --global gpg.program ~/.local/opt/gnupg/bin/gpg
```

```ini
[gpg]
  program = /Users/me/.local/opt/gnupg/bin/gpg
```

### Troubleshooting 'gpg failed to sign the data'

`gpg` is generally expected to be used with a Desktop client. On Linux servers
you may get this error:

```text
error: gpg failed to sign the data
fatal: failed to write commit object
```

Try to load the `gpg-agent`, set `GPG_TTY`, and then run a clearsign test.

```sh
gpg-connect-agent /bye
export GPG_TTY=$(tty)
echo "test" | gpg --clearsign
```

If that works, update your `~/.bashrc`, `~/.zshrc`, and/or
`~/.config/fish/config.fish` to include the following:

```sh
gpg-connect-agent /bye
export GPG_TTY=$(tty)
```

If this is failing on Mac or Windows, then `gpg-agent` is not starting as
expected on login (for Mac the above may work), and/or the `pinentry` command is

If you just installed `gpg`, try closing and reopening your Terminal, or