@Ronin1702
Last active September 3, 2023 05:44
GitHub Commit Verification

  • On GitHub, when looking at the Commits in a repo, have you ever noticed the unverified and verified tags?
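  • That is because the commit was created with plain git commit -m, which does not sign it, and was then pushed to the remote.
  • To have a commit show as verified on the remote, sign it with git commit -S -m.
  • For that to work, you must have a GPG key added to your GitHub account in the settings. List the secret keys you already have with: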
gpg --list-secret-keys --keyid-format=long
  • For Mac users, download the GPG Suite to store and manage GPG Keys.
  • When generating a new OpenPGP key pair, make sure to go to the Advanced Settings tab and select RSA and 4090 bits.
  • Make sure the email on the key matches your GitHub account email.
  • If you get a "failed, no secret key" message, locate your gpg.exe with the command below:
where.exe gpg
  • Open the .gitconfig file with VS Code or Notepad and put the correct path in the program entry of the [gpg] section, as in the example below:
[gpg]
    # Full path reported by where.exe gpg; backslashes are doubled in .gitconfig
    program = C:\\Program Files\\GnuPG\\bin\\gpg.exe
[commit]
    gpgSign = true

IMPORTANT: Use PowerShell or another non-Git Bash shell. The Git Bash shell did not work for me with the commands below.

gpg --list-secret-keys --keyid-format=long
gpg --armor --export <id from the "sec" section after rsa4090/>
  • Copy your GPG key, beginning with -----BEGIN PGP PUBLIC KEY BLOCK----- and ending with -----END PGP PUBLIC KEY BLOCK-----. The whole nine yards.
  • Paste it into your GPG Key section in settings on GitHub.

Configure

  • To configure your Git client to sign commits by default for a local repository, in Git versions 2.0.0 and above, run the command below:
git config commit.gpgsign true

To sign all commits by default in any local repository on your computer, run the command below:

git config --global commit.gpgsign true

From now on, each time you run git commit -S -m "commit message", your commit will be VERIFIED!
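An added example (not part of the original gist) for a POSIX shell such as the macOS Terminal: it reads gpg's machine-readable key listing and picks the usable secret key whose user ID carries your Git email, the match that the email step above depends on. The function name and the sample keys are made up for illustration; user.signingkey and git verify-commit are standard Git features that the gist does not mention.

```shell
#!/bin/sh
# Constructed sample of `gpg --list-secret-keys --with-colons` output.
# Key IDs, fingerprints and addresses are made up for this example.
SAMPLE_KEYS='sec:u:4096:1:AAAA1111BBBB2222:1693500000:::u:::scESC:::+:::23::0:
fpr:::::::::000000000000000000000000AAAA1111BBBB2222:
uid:u::::1693500000::0123456789ABCDEF0123456789ABCDEF01234567::Dev One <dev@example.com>::::::::::0:
ssb:u:4096:1:CCCC3333DDDD4444:1693500000::::::e:::+:::23:
sec:e:4096:1:EEEE5555FFFF6666:1600000000:1631536000::u:::sc:::+:::23::0:
fpr:::::::::000000000000000000000000EEEE5555FFFF6666:
uid:e::::1600000000::89ABCDEF0123456789ABCDEF0123456789ABCDEF::Dev One <old@example.com>::::::::::0:'

# signing_key_for EMAIL  (hypothetical helper; reads the colon listing on stdin)
# Prints the long ID of the first secret key that is not expired, revoked,
# invalid or disabled, can sign, and has a user ID for EMAIL.
# Exit status is 1 when no key qualifies.
signing_key_for() {
    awk -F: -v want="<$1>" '
        # "sec" starts a key: field 2 = validity, 5 = key ID, 12 = capabilities
        $1 == "sec" { keyid = $5; usable = ($2 !~ /^[eridn]$/ && $12 ~ /S/) }
        # "uid" lines belong to the preceding key: field 10 = "Name <email>"
        $1 == "uid" && usable && $2 !~ /^[er]$/ &&
            index(tolower($10), tolower(want)) { print keyid; found = 1; exit }
        END { exit !found }
    '
}

# Demo on the constructed sample: the live key is chosen, the expired one is not.
printf '%s\n' "$SAMPLE_KEYS" | signing_key_for dev@example.com   # AAAA1111BBBB2222
printf '%s\n' "$SAMPLE_KEYS" | signing_key_for old@example.com ||
    echo "no usable signing key for old@example.com"

# Real use, with git and gpg on PATH:
#   key=$(gpg --list-secret-keys --with-colons |
#         signing_key_for "$(git config user.email)") &&
#       git config --global user.signingkey "$key"
#   git commit -S -m "signed commit" && git verify-commit HEAD
```

Running git verify-commit HEAD (or git log --show-signature -1) before pushing confirms locally that the commit carries a good signature.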

If you would like to skip the hassle and keep using the good old git commit -m and still have your remote commits verified when pushed, install GitKraken and get crackin'. Example settings below:

[Screenshot: GitKraken settings]


If you need help with this subject, feel free to leave a comment below or message me on GitHub.