```sh
# Generate a new PGP key (better to use gpg2 instead of gpg in all the commands below):
gpg --gen-key
# You may need some random activity on your OS while the key is generated. If so, run this command:
# find ./* /home/username -type d | xargs grep some_random_string > /dev/null
# Check current keys:
gpg --list-secret-keys --keyid-format LONG
# See your gpg public key:
gpg --armor --export YOUR_KEY_ID
# YOUR_KEY_ID is the hash on the `sec` line in the output of the previous command (for example, sec 4096R/234FAA343232333 => key ID is 234FAA343232333)
# Set a gpg key for git:
git config --global user.signingkey your_key_id
# To sign a single commit:
git commit -S -a -m "Test a signed commit"
# Auto-sign all commits globally:
git config --global commit.gpgsign true
```
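The gist says to read YOUR_KEY_ID off the `sec` line by eye. The following is an added example, not part of the gist, that extracts it from `gpg --list-secret-keys --keyid-format LONG` output in the old (`4096R/...`) and newer (`rsa4096/...`) layouts and from `--with-colons` output. The function names, the e-mail lookup and the sample listing are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the gist): pick the value for user.signingkey out of
# `gpg --list-secret-keys --keyid-format LONG` output read on stdin.

# Print the long key ID of every secret primary key in the listing.
extract_key_ids() {
    awk '
        # --with-colons form: field 5 of a "sec" record is the key ID
        /^sec:/ { split($0, f, ":"); print f[5]; next }
        # human-readable form: "sec ALGO/KEYID ..." (4096R/... or rsa4096/...);
        # "sec#" and "sec>" mark offline and smartcard primary keys
        $1 ~ /^sec[#>]?$/ && split($2, p, "/") == 2 { print p[2] }
    '
}

# Print the key ID of the key that has a uid with the given e-mail address
# (human-readable listing only). Subkey lines (ssb) are ignored on purpose.
key_id_for_email() {
    awk -v want="<$1>" '
        $1 ~ /^sec[#>]?$/ && split($2, p, "/") == 2 { id = p[2]; next }
        $1 == "uid" && index($0, want) && id != "" { print id; id = "" }
    '
}

# Constructed sample listing covering both layouts; these are not real keys.
sample_listing() {
    cat <<'EOF'
/home/username/.gnupg/secring.gpg
---------------------------------
sec   4096R/234FAA343232333 2016-03-10
uid                          Old Key <old@example.com>
ssb   4096R/1111222233334444 2016-03-10

sec   rsa4096/AAAABBBBCCCCDDDD 2020-01-01 [SC]
      0000111122223333444455556666777788889999
uid                 [ultimate] New Key <new@example.com>
ssb   rsa4096/5555666677778888 2020-01-01 [E]
EOF
}

# Usage against a real keyring (commented out so the example runs offline;
# you@example.com is a placeholder):
# git config --global user.signingkey \
#   "$(gpg --list-secret-keys --keyid-format LONG | key_id_for_email you@example.com)"
```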
Thanks. Also it's better to use gpg2 instead of gpg in the above commands. In this case, you should set gpg2 as the default program for gpg in git. To do this:
sudo apt-get install gnupg2
git config --global gpg.program gpg2
Thanks. It can also be useful to generate your key interactively using gpg --full-generate-key --allow-freeform-uid instead of gpg --gen-key.
If you do not want to sign local commits, as you might be rebasing etc. a lot, use the following to auto-sign only commits that you push out:
git config --global push.gpgSign true
Remove --global to make it a per project configuration
In case of error gpg: signing failed: Inappropriate ioctl for device while signing a commit
use export GPG_TTY=$(tty) in your ~/.bashrc or ~/.zshrc file. source
Cache your password for 1 day (86400 seconds)
~/.gnupg/gpg-agent.conf (for gpg 2)
default-cache-ttl 86400
max-cache-ttl 86400
Reload gpg agent:
gpgconf --reload gpg-agent
Very helpful. thank you!
As a sidenote, I wanted to sign with my keybase key:
keybase pgp export | gpg --import
keybase pgp export -q KEYID --secret | gpg --import --allow-secret-key-import
git config --global user.signingkey KEYID
Thanks,
I also had to do the following:
git config --global gpg.program gpg2
And also needed this in my bashrc otherwise it fails when asking for password (see keybase/keybase-issues#2798):
export GPG_TTY=$(tty)
gpg --list-keys
you always digitally sign with your private key not the public.
Nice, but it could be clearer if we say what your_key_id is.
When you execute this command:
You must see this result if you have previously generated code:
And export key like this: