@kenchopa
Last active September 24, 2024 14:52
sign commits

GPG

Install gnupg

brew install gpg

Install passphrase entry dialogs

brew install pinentry-mac

Generate a key

Follow the prompts; press Enter to accept the default if unsure. Make sure to use the same email and name as your GitHub account.

git config --global user.email "your-email"
git config --global user.name "your-name"

Use the same email and name in the key generation process:

gpg --full-generate-key

Identify your key

gpg --list-secret-keys --keyid-format=long

Your key is in the "sec" line, after the slash, e.g.: sec ed25519/HERE 2021-12-07 [SC]

NOTE: M1 macs or freshly installed brew

Check where brew itself is located

which brew

Substitute all /usr/local/bin locations in the paths below with the directory that contains brew, e.g. /opt/homebrew/bin.

Set git settings

git config --global user.signingkey <key>
git config --global commit.gpgsign true
git config --global gpg.program /opt/homebrew/bin/gpg

Additional config

if [ -r ~/.zshrc ]; then echo 'export GPG_TTY=$(tty)' >> ~/.zshrc; \
  else echo 'export GPG_TTY=$(tty)' >> ~/.zprofile; fi

Add pinentry-mac to gpg-agent.conf by first checking where it is located and substituting it in the path below:

which pinentry-mac
echo "pinentry-program /opt/homebrew/bin/pinentry-mac" > ~/.gnupg/gpg-agent.conf

Restart gpg service

gpgconf --kill gpg-agent

Add your key to GitHub

Output your public key:

gpg --armor --export <key>

Add it to GitHub here

<https://github.com/settings/gpg/new>

NOTES

After a macOS update, the pinentry-mac path in the gpg config is sometimes set back to its original state:

vim ~/.gnupg/gpg-agent.conf

The line should state:

pinentry-program /opt/homebrew/bin/pinentry-mac

instead of this

pinentry-program /usr/local/bin/pinentry-mac

After editing, this is required:

gpgconf --kill gpg-agent
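
A check for the finished setup, including the stale pinentry path described in the notes, as an added example that is not part of the original gist. The function names are illustrative, and it assumes the global git settings and the ~/.gnupg/gpg-agent.conf location used above.

```shell
# Added example, not part of the original gist. Function names are illustrative.
# Variable names avoid zsh specials (e.g. "path") so the file can be sourced there.

# Read `gpg --list-secret-keys --keyid-format=long` output on stdin and print
# the long key ID of every "sec" line ("sec#"/"sec>" mark offline/card keys).
extract_key_ids() {
  awk '$1 ~ /^sec[#>]?$/ { split($2, a, "/"); if (a[2] != "") print a[2] }'
}

# Succeed if key ID $1 is among the secret keys listed on stdin.
key_is_listed() {
  [ -n "$1" ] || return 1
  extract_key_ids | grep -qxF "$1"
}

# Inspect a gpg-agent.conf ($1). Returns 0 if its pinentry-program (the last
# such line, if several) is executable, 1 if the path is stale, 2 if none is set.
check_pinentry_conf() {
  pin_path=$(sed -n 's/^[[:space:]]*pinentry-program[[:space:]]\{1,\}//p' "$1" 2>/dev/null | tail -n 1)
  [ -n "$pin_path" ] || return 2
  [ -x "$pin_path" ] || return 1
  return 0
}

# Check the live configuration written by the steps above.
check_signing_setup() {
  rc=0
  check_pinentry_conf "$HOME/.gnupg/gpg-agent.conf" ||
    { echo "pinentry-program is missing or points to a stale path"; rc=1; }
  prog=$(git config --global gpg.program)
  { [ -n "$prog" ] && [ -x "$prog" ]; } ||
    { echo "gpg.program is not an executable: '$prog'"; rc=1; }
  key=$(git config --global user.signingkey)
  "${prog:-gpg}" --list-secret-keys --keyid-format=long 2>/dev/null |
    key_is_listed "$key" ||
    { echo "user.signingkey '$key' has no matching secret key"; rc=1; }
  [ "$(git config --global commit.gpgsign)" = "true" ] ||
    { echo "commit.gpgsign is not true"; rc=1; }
  return $rc
}
```

Source the file and run `check_signing_setup`; it prints one line per failed check and returns non-zero if any failed.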