GPG

Sign commit with GPG

Install GPG

brew install gnupg

Import GPG Key

gpg --import private.key

List keys

gpg --list-keys

# Output
/Users/muxinqi/.gnupg/pubring.kbx
---------------------------------
pub   rsa4096 2020-12-25 [SC] [expires: 2024-12-25]
      ABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMN
uid           [ unknown] muxinqi <[email protected]m>
uid           [ unknown] muxinqi <[email protected]m>
sub   rsa4096 2020-12-25 [E] [expires: 2024-12-25]
sub   rsa4096 2021-03-20 [S] [expires: 2024-12-25]

Set trust level

gpg --edit-key ABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMN

> trust
> 5 # Ultimate
> y # Confirm
> q # Quit

Restart gpg-agent

gpgconf --kill gpg-agent

Check trust level

gpg --list-keys

/Users/muxinqi/.gnupg/pubring.kbx
---------------------------------
pub   rsa4096 2020-12-25 [SC] [expires: 2024-12-25]
      ABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMN
uid           [ultimate] muxinqi <[email protected]>
uid           [ultimate] muxinqi <[email protected]>
sub   rsa4096 2020-12-25 [E] [expires: 2024-12-25]
sub   rsa4096 2021-03-20 [S] [expires: 2024-12-25]

Sign commit with the key

git config --global user.signingkey ABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMN
git config --global gpg.program $(which gpg)

Add the following line to the end of ~/.zshrc

export GPG_TTY=$(tty)

Now, close and re-open the terminal, could sign commit with:

git commit -S -m "signed commit"

Sign commits automatically

git config --global commit.gpgsign true

To avoid having to re-enter the password after a certain period of time, using pinentry-mac to solve this problem

brew install pinentry-mac
echo "pinentry-program $(which pinentry-mac)" >> ~/.gnupg/gpg-agent.conf

Restart gpg-agent

gpgconf --kill gpg-agent

References

PreviousRubyNextMisc

Last updated