Precondition
The gpg command works properly in your terminal.
Generate GPG Key
Note: The email on the key should match the email in your git config. Check it with the command below:
git config --global user.email
Generate key
gpg --full-generate-key
- Select key type: default is fine
- Select algorithm: default
- Expiry: your choice
- Is this correct: y
- Name
- Email (make sure to use the one in git config)
- Comment: your choice
- Enter password
Get key information
gpg --list-keys
Find the entry whose first line starts with pub, copy the id from its second line, then run in the terminal:
gpg --armor --export <copied id>
Example: gpg --armor --export 4F113915706D141348CDC3DB5873563E6B2
After running it, you will get a public key block that starts with BEGIN and ends with END. Copy it and go to GitHub.
Paste the public key into GitHub
GitHub -> profile icon at the top right -> Settings -> SSH and GPG keys -> New GPG key
- Give it a Title
- Paste the copied content into Key
- Add GPG key
Sign Git commits with GPG private key
Get the list of keys
gpg --list-keys
Copy the id
git config --global user.signingkey <copied id>
Example: git config --global user.signingkey 4F113915706D141348CDC3DB5873563E6B2
To sign each commit, add the -S parameter
git commit -S -m "..."
You can also have Git sign every commit automatically
git config --global commit.gpgsign true
Trust GitHub's own GPG key
Purpose: When a repository is created on the web, it can be frustrating for perfectionists if it doesn't show Verified
Import GitHub's own GPG key
curl https://github.com/web-flow.gpg | gpg --import
GitHub's key expired after 24 years, so two keys will be imported
Get the list of keys
gpg --list-keys
Copy the id of the GitHub key that hasn't expired, then perform the signing operation
gpg --sign-key 968479A1AFF927E37D1A566BB5690EEEBB952194
Enter y to confirm the signature.
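An added example (not part of the original post): instead of reading the id off the human-readable listing, this shell helper parses `gpg --list-keys --with-colons` and confirms that the fingerprint you are about to sign belongs to a primary key that is not expired or revoked. The function names and the sample listing are constructed for illustration; the pinned fingerprint is the one used in the command above.

```shell
#!/bin/sh
# Fingerprint of the unexpired GitHub key, taken from the sign-key step above.
EXPECTED_FPR=968479A1AFF927E37D1A566BB5690EEEBB952194

# Read colon-format records on stdin and print the fingerprint of every
# usable primary key. In a pub record, field 2 is the validity
# (e = expired, i = invalid, r = revoked, d = disabled). The fpr record
# that follows a pub record holds the primary fingerprint in field 10;
# fpr records that follow a sub record belong to subkeys and are skipped.
usable_fprs() {
    awk -F: '
        $1 == "pub" { take = ($2 !~ /^[eird]$/) }
        $1 == "sub" { take = 0 }
        $1 == "fpr" && take { print $10; take = 0 }
    '
}

# Succeed only if fingerprint $1 is among the usable primary keys on stdin.
pinned_key_usable() {
    usable_fprs | grep -Fx -- "$1" >/dev/null
}

# Constructed sample listing (not real gpg output): one expired key with a
# placeholder fingerprint, one valid key with a subkey.
sample_listing() {
    cat <<'EOF'
pub:e:4096:1:0000000000000001:1500000000:1700000000::-:::sc::::::23::0:
fpr:::::::::0000000000000000000000000000000000000001:
uid:e::::1500000000::X::Constructed Expired Key <old@example.invalid>::::::::::0:
pub:-:4096:1:B5690EEEBB952194:1700000000:::-:::scESC::::::23::0:
fpr:::::::::968479A1AFF927E37D1A566BB5690EEEBB952194:
uid:-::::1700000000::Y::Constructed Valid Key <new@example.invalid>::::::::::0:
sub:-:4096:1:1111111111111111:1700000000::::::e::::::23:
fpr:::::::::1111111111111111111111111111111111111111:
EOF
}

# Demo on the constructed sample: prints only the usable primary fingerprint.
sample_listing | usable_fprs

# Real use, after the import step (requires gpg):
#   gpg --list-keys --with-colons | pinned_key_usable "$EXPECTED_FPR" \
#       && gpg --sign-key "$EXPECTED_FPR"
```

Comparing against a fingerprint obtained from a second source before running gpg --sign-key means a key swapped in during the download would not be signed.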