# GPG

Sign commit with GPG

## Install GPG

```bash
brew install gnupg
```

## Import GPG Key

```bash
gpg --import private.key
```

## List keys

```bash
gpg --list-keys

# Output
/Users/muxinqi/.gnupg/pubring.kbx
---------------------------------
pub   rsa4096 2020-12-25 [SC] [expires: 2024-12-25]
      ABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMN
uid           [ unknown] muxinqi <hi@muxinqi.com>
uid           [ unknown] muxinqi <hi@mxq.im>
sub   rsa4096 2020-12-25 [E] [expires: 2024-12-25]
sub   rsa4096 2021-03-20 [S] [expires: 2024-12-25]
```

## Set trust level

```bash
gpg --edit-key ABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMN

> trust
> 5 # Ultimate
> y # Confirm
> q # Quit
```

Restart `gpg-agent`

```bash
gpgconf --kill gpg-agent
```

Check trust level

```bash
gpg --list-keys

/Users/muxinqi/.gnupg/pubring.kbx
---------------------------------
pub   rsa4096 2020-12-25 [SC] [expires: 2024-12-25]
      ABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMN
uid           [ultimate] muxinqi <hi@muxinqi.com>
uid           [ultimate] muxinqi <hi@mxq.im>
sub   rsa4096 2020-12-25 [E] [expires: 2024-12-25]
sub   rsa4096 2021-03-20 [S] [expires: 2024-12-25]
```

## Sign commit with the key

```bash
git config --global user.signingkey ABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMN
git config --global gpg.program $(which gpg)
```

Add the following line to the end of `~/.zshrc`

```bash
export GPG_TTY=$(tty)
```

Now, close and re-open the terminal, could sign commit with:

```bash
git commit -S -m "signed commit"
```

## Sign commits automatically

```bash
git config --global commit.gpgsign true
```

To avoid having to re-enter the password after a certain period of time, using `pinentry-mac` to solve this problem

```bash
brew install pinentry-mac
echo "pinentry-program $(which pinentry-mac)" >> ~/.gnupg/gpg-agent.conf
```

Restart gpg-agent

```bash
gpgconf --kill gpg-agent
```

<br>

## References

* [Signing your Git Commits using GPG on MacOS](https://gist.github.com/troyfontaine/18c9146295168ee9ca2b30c00bd1b41e)
* [Sign git commits on GitHub with GPG in macOS](https://samuelsson.dev/sign-git-commits-on-github-with-gpg-in-macos/)


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://notes.muxinqi.com/macos-setup/gpg.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.