TLDR
Check out the awesome guide How to Sign Git Commits if you have not configured Git commit signing before.
- Generate a key with
$ gpg --full-generate-key
- Update [user] credentials in git config
- (Optional) Export the key to GitHub
Steps
1. Create a New Key
Follow GitHub's "Generating a GPG key" if the key is to be used on GitHub.
$ gpg --full-generate-key
The output should look something like the following:
# Keep the key ID (where the BDKEY5KEY78KEY48 is) for step 3
gpg: key BDKEY5KEY78KEY48 marked as ultimately trusted
gpg: revocation certificate stored as ...
public and secret key created and signed.
# Keep the public key fingerprint (the line where 4044FKEY... is) for step 2
pub rsa4096 2021-05-17 [SC]
4044FKEYKEYMOREKEYSKEYKEYKEYKEYMOREKEYS8
uid Danny Cheng-Hsuan Han <chenghsuan.han@gmail.com>
sub rsa4096 2021-05-17 [E]
2. Update [user] credentials in git config
Don't forget to do a test commit when done updating credentials!
Refer to GitHub's "Telling Git about your GPG key" if you have multiple keys.
# Add --global to set it globally
$ git config --edit
The config should look like the following:
# .gitconfig
# ...omitted
[user]
name = (use your desired name, e.g., Danny Cheng-Hsuan Han)
email = (use the email from key generation, e.g., chenghsuan.han@gmail.com)
signingKey = (use the public key fingerprint from key generation, e.g., 4044FKEYKEYMOREKEYSKEYKEYKEYKEYMOREKEYS8)
# ...omitted
3. Export the key to GitHub
Refer to GitHub's "Adding a GPG key" for more details.
3-1
$ gpg --list-secret-keys --keyid-format LONG
3-2
# Use the key ID from step 1 here
# If you lose the key ID, the pub key from `$ gpg --list-keys` works too
$ gpg --armor --export BDKEY5KEY78KEY48
3-3
Quoting from GitHub: "Copy your GPG key, beginning with -----BEGIN PGP PUBLIC KEY BLOCK----- and ending with -----END PGP PUBLIC KEY BLOCK-----", then paste it into your GitHub account. Done!
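To check that the test commit from step 2 is really signed, the following added example (not part of the original post) repeats steps 1 and 2 non-interactively in a throwaway GNUPGHOME and repository, then compares a plain commit with one made with -S. The identity Test Signer <signer@example.invalid>, the unprotected test key and the function name check_signing are assumptions made for this sandbox.

```shell
# Added example: confirm that the key from step 1 actually signs commits.
# Everything runs in a throwaway GNUPGHOME and repository; the identity
# "Test Signer <signer@example.invalid>" is a constructed placeholder.

# Prints two status letters from `git log --format=%G?`: plain commit, then -S commit.
# N = no signature, G = good signature from a trusted key.
check_signing() (
  set -e
  work=$(mktemp -d)
  export GNUPGHOME="$work/gnupg" HOME="$work" GIT_CONFIG_NOSYSTEM=1
  trap 'gpgconf --kill gpg-agent >/dev/null 2>&1 || true; rm -rf "$work"' EXIT
  mkdir -m 700 "$GNUPGHOME"

  # Step 1, non-interactive: unprotected test key, default algorithm.
  gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
      --quick-generate-key 'Test Signer <signer@example.invalid>' \
      default default never

  # Full fingerprint (the 40-hex-digit line under "pub").
  fpr=$(gpg --batch --list-secret-keys --with-colons |
        awk -F: '$1 == "fpr" { print $10; exit }')

  # Step 2: repository-local [user] settings.
  git init -q "$work/repo"
  cd "$work/repo"
  git config user.name 'Test Signer'
  git config user.email 'signer@example.invalid'
  git config user.signingKey "$fpr"

  # signingKey only selects the key; without -S (or commit.gpgsign=true)
  # the commit is still unsigned.
  git commit -q --allow-empty -m 'plain commit'
  plain=$(git log -1 --format='%G?')

  git commit -q --allow-empty -S -m 'signed commit'
  signed=$(git log -1 --format='%G?')

  echo "$plain $signed"
)

check_signing
```

In your real repository, run `git log -1 --format='%G?'` after the test commit to see the same status letter. Setting commit.gpgsign = true in the Git config makes Git sign every commit without -S.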