GIT - Signed Commits
Install gpg-suite for mac
(windows - https://gpgtools.org/)
```
brew install --cask gpg-suite
```
Ensure that gpg is successfully installed
```
gpg --version
```
Once gpg-suite is installed, open Terminal and generate a GPG key pair.
This key pair is used for signing and for encryption.
Algorithm
- Prompts the user with a list of methods to generate a key pair
- Choose based on project/client requirements (defaults suggested)
Key Size
- An appropriate key size within the range provided, per requirements
Expiration
- Usually this can be set to never expire
- If you specify an expiration, the same needs to be communicated
Identifier
- Specify an identifier for your key with your email address
Passphrase
- When prompted, enter a passphrase to protect the key.
```
gpg --full-generate-key
```
List all the gpg-suite keys
```
gpg --list-secret-keys --keyid-format LONG
```
To add this key to your GitHub account
Get the secret key ID
```
gpg --list-secret-keys --keyid-format LONG
```
Output
```
sec rsa2048/ABCDEFGHIJKLMNOP 2020-02-20 [SC]
```
ABCDEFGHIJKLMNOP is your private key ID
Export the public key
```
gpg --armor --export ABCDEFGHIJKLMNOP
```
Add the GPG key to your GitHub account
https://github.com/settings/keys
Tell Git about your signing key
```
git config --global user.signingkey ABCDEFGHIJKLMNOP
```
Set the Branch Protection rules for "Signed Commits"
- Navigate to your git profile (git-user) and into your (git repository)
WSL (Windows Subsystem for Linux) users
Configure gpg to use the terminal (tty) for the passphrase prompt
Add the following command in .gnupg/gpg.conf or in ~/.bashrc
```
# enable passphrase prompt for gpg
export GPG_TTY=$(tty)
```
Enable "Signed" commits using the '-S' option
```
git add .
git commit -S -m "your-commit-message"
git push -u origin main
```
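Before pushing to a branch that requires signed commits, you can check each commit's signature status with `git log --format='%H %G?'`. The filter below is an added example, not part of the original page: the accept policy (G and U only) and the sample lines are assumptions constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: audit commit signatures before pushing to a protected branch.
# Reads lines of "<hash> <status>" as produced by
#   git log --format='%H %G?' <range>
# and reports every commit whose signature status is not acceptable.

# Meaning of git's %G? status letters (from git's pretty-format documentation).
describe_status() {
  case "$1" in
    G) echo "good signature" ;;
    U) echo "good signature, unknown validity (key not trusted locally)" ;;
    X) echo "good signature, but the signature has expired" ;;
    Y) echo "good signature, made by an expired key" ;;
    R) echo "good signature, made by a revoked key" ;;
    B) echo "bad signature" ;;
    E) echo "signature cannot be checked (public key missing)" ;;
    N) echo "no signature" ;;
    *) echo "unrecognised status" ;;
  esac
}

# Policy (an assumption of this example): accept G and U, reject the rest.
# Prints one line per rejected commit; returns 1 if any commit was rejected.
check_signatures() {
  local hash status rejected=0
  while read -r hash status; do
    [ -z "$hash" ] && continue   # skip blank lines
    case "$status" in
      G|U) ;;
      *) echo "$hash: $(describe_status "$status")"; rejected=1 ;;
    esac
  done
  return "$rejected"
}

# Constructed sample input (not real commits), in the `git log` format above.
sample_log() {
  cat <<'EOF'
1111111111111111111111111111111111111111 G
2222222222222222222222222222222222222222 N
3333333333333333333333333333333333333333 Y
4444444444444444444444444444444444444444 U
EOF
}

# Real use, inside a repository:
#   git log --format='%H %G?' origin/main..HEAD | check_signatures
```

A status of E usually means the signer's public key is not in your local keyring, so import it before treating the commit as unsigned.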
Miscellaneous GPG commands
To add a secret subkey, run the following command
```
gpg --edit-key <secret-key-id>
```
List gpg public and private keys for a specific user email address
```
gpg --list-keys email-address
```