GitHub GPG sign commit

Required by some repo's for contributions.

  1. list current gpg keys 

    gpg --list-secret-keys --keyid-format=long

  2. edit key 

    gpg --edit-key <GPG key ID>

  3. edit and save with 

    gpg> adduid
.... edit/update
gpg> save

  4. export and upload to github 

    $ gpg --armor --export <<e.g.3AA5C34371567BD2>>

  5. set the gpg key as git signing key 

    gpg --list-secret-keys --keyid-format=long

git config --local user.signingkey "${YOUR_SIGNING_KEY}"

git config --local commit.gpgsign true

# verify gpg and key
export GPG_TTY=$(tty)
echo "test" | gpg --clearsign

git commit -S -m "my commit msg."

git log --show-signature

    5b. sign previous commit 

    # verify gpg and key
export GPG_TTY=$(tty)
echo "test" | gpg --clearsign

git rebase HEAD~1 --signoff --gpg-sign=52779322CDB44421

git rebase --continue

GitHub/GPGsign (last edited 2024-01-16 10:48:17 by PieterSmit)