- Check GPG (GNU Privacy Guard) is installed
gpg --version
- List GPG Keys
gpg --list-secret-keys --keyid-format LONG
Output:
/home/user/.gnupg/secring.gpg
------------------------------------
sec   4096R/ABCDEF1234567890 2023-01-01 [expires: 2025-01-01]
uid                          Your Name <your.email@example.com>
ssb   4096R/1234567890ABCDEF 2023-01-01
The ABCDEF1234567890 part is the key ID.
- Configure Git to Use Your GPG Key
Set the GPG key for the specific repository (or globally for all repositories).
Specific repo:
git config user.signingkey ABCDEF1234567890
Globally:
git config --global user.signingkey ABCDEF1234567890
Replace ABCDEF1234567890 with your actual GPG key ID.
- Enable Commit Signing by Default (Optional)
You can configure Git to sign all commits by default.
Specific repo:
git config commit.gpgSign true
Globally:
git config --global commit.gpgSign true
- Sign a Commit Manually
If you don’t enable signing by default, you can sign a commit manually by using the -S option:
git commit -S -m "Your commit message"
- Verify the Signed Commit
You can verify that your commit was signed by using:
git log --show-signature
It should show something like:
commit abcdef1234567890abcdef1234567890abcdef12 (HEAD -> main)
gpg: Signature made Mon 01 Jan 2023 12:00:00 PM UTC using RSA key ID ABCDEF1234567890
gpg: Good signature from "Your Name <your.email@example.com>"
- Push Your Signed Commits
Now push as usual. The commits you push carry the signatures made with your GPG key when they were created.
git push origin main
GitHub/GitLab Setup: If you’re using GitHub or GitLab, make sure your GPG key is added to your account:
- For GitHub: Adding a GPG Key
- For GitLab: Adding a GPG Key
Passphrase Prompt: If your GPG key is passphrase-protected, you’ll be prompted to enter the passphrase whenever you sign a commit. I'll update this soon to include how to modify key caching to prevent repeated passphrase entry.
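To check signatures in bulk rather than reading `git log --show-signature` output by eye, the following added example (not part of the original post) classifies each commit by Git's `%G?` signature status code and fails if any commit is unsigned, badly signed, or signed by a key other than the expected one. The function name `audit_signatures`, the sample data and the pass/fail policy are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit signature status of commits.
# Input: one line per commit, "<hash> <status> <key-id>", as printed by
#   git log --format='%H %G? %GK' origin/main..HEAD
# %G? codes per git's pretty-format docs: G good, U good/unknown validity,
# X good/expired signature, Y good/expired key, R good/revoked key,
# B bad, E cannot be checked (e.g. missing public key), N no signature.
# %GK is the key that made the signature; it can be a signing subkey's ID.

audit_signatures() {
    expected_key="$1"   # assumption: the key ID you set in user.signingkey
    failures=0
    while read -r hash status key; do
        [ -n "$hash" ] || continue
        case "$status" in
            G|U)
                if [ "$key" != "$expected_key" ]; then
                    echo "FAIL $hash signed by unexpected key $key"
                    failures=$((failures + 1))
                elif [ "$status" = U ]; then
                    # Policy choice: report, but do not fail, a valid signature
                    # whose key has no trust assigned in the local keyring.
                    echo "WARN $hash good signature, key validity unknown"
                else
                    echo "OK   $hash"
                fi ;;
            N) echo "FAIL $hash is unsigned"; failures=$((failures + 1)) ;;
            B) echo "FAIL $hash has a BAD signature"; failures=$((failures + 1)) ;;
            E) echo "FAIL $hash signature cannot be checked"; failures=$((failures + 1)) ;;
            X|Y|R) echo "FAIL $hash expired or revoked ($status)"; failures=$((failures + 1)) ;;
            *) echo "FAIL $hash unknown status '$status'"; failures=$((failures + 1)) ;;
        esac
    done
    [ "$failures" -eq 0 ]   # exit status is 0 only if no commit failed
}

# Constructed sample input (placeholder hashes) so the check runs without a repository.
SAMPLE_LOG='1111111111111111111111111111111111111111 G ABCDEF1234567890
2222222222222222222222222222222222222222 N
3333333333333333333333333333333333333333 G 0000000000000000
4444444444444444444444444444444444444444 B ABCDEF1234567890
5555555555555555555555555555555555555555 U ABCDEF1234567890'

printf '%s\n' "$SAMPLE_LOG" | audit_signatures ABCDEF1234567890 || echo "audit failed"
```

Against a real repository, pipe the `git log --format='%H %G? %GK'` output for the range you care about into `audit_signatures` in place of the sample.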
Top comments (1)
Can't wait for this:
I'll update this soon to include how to modify key caching to prevent repeated passphrase entry.