homepage: https://webinstall.dev/gpg-pubkey

Get your GnuPG Public Key.

> Your GnuPG Public Key can be used for signing git commits and email, among
> other things. The public key file ends in `.asc`.

This installs two commands.

- `gpg-pubkey` will:
  1. Create a new gpg keypair if you don’t already have one \
     (uses `~/.gitconfig` for name and email)
  2. Copy your new or existing GnuPG Public Key to your `Downloads` folder
  3. Print the location of the copied key, and its contents, to the screen
- `gpg-pubkey-id` will output the ID of your public key.

The easiest way to get your GnuPG Public Key:

```sh
curl https://webinstall.dev/gpg-pubkey | bash
```

This is what the output of `gpg-pubkey` looks like (except much longer):

```text
GnuPG Public Key ID: CA025BC42F00BBBE

~/Downloads/john@example.com.gpg.asc:

-----BEGIN PGP PUBLIC KEY BLOCK-----

mQINBGGLrUIBEAC+k1rHvi4xbCiN/cnh3Zi4rbKeJdPIWDP0wDhZcYzIN4/ZWVAm
... (several lines omitted for brevity)
nZH7UhxDx6Gu4w1+uef0E/cjz2BuEn/LN9UBGWwI5dLp5p03FeXYzzAwt6sh
-----END PGP PUBLIC KEY BLOCK-----
```

Note: Your public key is the _entire_ section starting with and including
`-----BEGIN` all the way to and including `BLOCK-----`.

These are the files / directories that are created and/or modified with this

```text
~/.config/envman/PATH.env
~/.local/bin/gpg-pubkey
~/.local/bin/gpg-pubkey-id

~/Downloads/YOU.KEY_ID.gpg.asc
```

## How to add your GPG Public Key to GitHub

1. Go to your GitHub Profile (<https://github.com/settings/profile>)
2. Go to SSH and GPG Keys (<https://github.com/settings/keys>)
3. Add GPG Key (<https://github.com/settings/gpg/new>)
4. Paste the output of `gpg-pubkey` into the form

## How to automatically sign your git commits

Run `gpg-pubkey-id` to get your GnuPG Public Key ID and then update your
`~/.gitconfig` to sign with it by default:

```sh
MY_KEY_ID="$(gpg-pubkey-id)"

git config --global user.signingkey "${MY_KEY_ID}"
git config --global commit.gpgsign true
git config --global log.showSignature true
```

Or, for Windows users:

```powershell
$my_key_id = gpg-pubkey-id

git config --global user.signingkey "$my_key_id"
git config --global commit.gpgsign true
git config --global log.showSignature true
```

## How to use `gpg` manually

- How to get your Public Key ID
- How to export your Public Key
- How to create a Private Key

### How to get your GnuPG Public Key ID

All _Secret Keys_ have _Public IDs_ (and corresponding _Public Keys_).

Here's a command to list your secret key(s) and get the Public ID (of the first
one, if you have many):

```sh
gpg --list-secret-keys --keyid-format LONG |
    awk -F'[/ ]+' '/^sec/ { print $3; exit }'
```

Or, for Windows users:

```powershell
gpg --list-secret-keys --keyid-format LONG |
    Select-String -Pattern '\.*sec.*\/' |
    Select-Object -First 1 |
    ForEach-Object {
        $_.Line.split('/')[1].split(' ')[0]
    }
```

Let's break that down, for good measure:

All secret keys have a Public Key and a Public ID, which can be viewed in _LONG_

```sh
gpg --list-secret-keys --keyid-format LONG
```

```text
/Users/me/.gnupg/pubring.kbx
----------------------------
sec rsa3072/CA025BC42F00BBBE 2021-11-10 [SCEA]
6F848282295B19123748D36BCA025BC42F00BBBE
uid [ultimate] John Doe (mac.local) <john@example.com>
ssb rsa3072/674124162BF19A32 2021-11-10 [SEA]
```

The line with the Public Key ID is the one that starts with `sec`:

```text
sec rsa3072/CA025BC42F00BBBE 2021-11-10 [SCEA]
```

Specifically, it's the part just after the `/` - **CA025BC42F00BBBE**, in this

Note: It's important that you list the Secret Keys, because listing Public Keys
will show all keys that you trust in your gpg keychain (co-workers, for
example), not just keys that you own.

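The same `sec`-line parsing can also return the full fingerprint, which identifies a key more precisely than its 16-digit ID. This is an added example, not code from webinstall.dev; the function names `sample_listing`, `owned_keys` and `first_owned_fingerprint` are hypothetical, and it assumes v4 keys, whose 40-digit fingerprint ends in the long key ID.

```shell
#!/bin/sh
# Added example (not webinstall.dev code). Reads the output of
#   gpg --list-secret-keys --keyid-format LONG
# on stdin and prints "KEYID FINGERPRINT" for each primary key you own.
# Assumption: v4 keys, whose 40-hex-digit fingerprint ends in the long key ID.

# Constructed sample: the listing from this page, in gpg's usual column layout.
sample_listing() {
    cat <<'EOF'
/Users/me/.gnupg/pubring.kbx
----------------------------
sec   rsa3072/CA025BC42F00BBBE 2021-11-10 [SCEA]
      6F848282295B19123748D36BCA025BC42F00BBBE
uid                 [ultimate] John Doe (mac.local) <john@example.com>
ssb   rsa3072/674124162BF19A32 2021-11-10 [SEA]
EOF
}

# owned_keys (hypothetical name): exits non-zero if a fingerprint does not
# end in the key ID taken from the `sec` line before it.
owned_keys() {
    awk '
        # Primary secret key line. gpg marks an offline primary key as "sec#"
        # and a key held on a smartcard as "sec>".
        $1 ~ /^sec[#>]?$/ {
            split($2, algo_and_id, "/")     # "rsa3072/CA02..." -> algo, id
            keyid = algo_and_id[2]
            expect_fpr = 1
            next
        }
        # The fingerprint is the bare 40-hex-digit line that follows `sec`.
        expect_fpr && NF == 1 && $1 ~ /^[0-9A-F]+$/ && length($1) == 40 {
            expect_fpr = 0
            if (substr($1, 25) != keyid) {
                print "fingerprint/key ID mismatch: " keyid > "/dev/stderr"
                bad = 1
                exit
            }
            print keyid, $1
        }
        END { exit bad }
    '
}

# first_owned_fingerprint (hypothetical name): fingerprint of the first key.
first_owned_fingerprint() {
    owned_keys | awk 'NR == 1 { print $2 }'
}

sample_listing | owned_keys
```

On a real keyring, run `gpg --list-secret-keys --keyid-format LONG | owned_keys`; the fingerprint it prints can be used for `user.signingkey` in place of the 16-digit ID.
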
### How to export your GnuPG Public Key:

Here's how to copy your Public Key into your Downloads folder:

```sh
gpg --armor --export "${MY_KEY_ID}" > ~/Downloads/"${MY_EMAIL}".gpg.asc
```

Or, if you just want to print it to your console, run this:

```sh
gpg --armor --export "${MY_KEY_ID}"
```

### How to create a GnuPG Private Key:

Generally speaking you'll want to use the same name and email for `git` and

Here's how you can automate creating a key using the same info as what's in your

```sh
MY_NAME="$( git config --global user.name )"
MY_HOST="$( hostname )"
MY_EMAIL="$( git config --global user.email )"

gpg --batch --generate-key << EOF
%echo Generating RSA 3072 key
Key-Type: RSA
Key-Length: 3072
Name-Real: ${MY_NAME}
Name-Comment: ${MY_HOST}
Name-Email: ${MY_EMAIL}
%commit
EOF
```

Or, for the Windows folk...

```powershell
$my_name = git config --global user.name
$my_host = hostname
$my_email = git config --global user.email
echo "
%echo Generating RSA 3072 key
Key-Type: RSA
Key-Length: 3072
Name-Real: $my_name
Name-Comment: $my_host
Name-Email: $my_email
%commit
" | gpg --batch --generate-key
```

Note: if you want to create a key without a passphrase, add
`--pinentry-mode=loopback --passphrase=''` to the arguments.

(though typically it's better to create a random passphrase and just let macOS
store it in your user Keychain and forget it - just so it doesn't get backed up