sign git commits - 06-08-22
Who doesn’t want the cool “verified” badge in GitLab?
To get this we must sign our commits via gpg.
Step one: Figure out which key you are going to use
$ gpg --list-keys
pub   rsa3072 2020-01-01 [SC] [expires: 2030-01-01]
      AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
uid           [ultimate] Travis Shears <email@example.com>
sub   rsa3072 2020-01-01 [E] [expires: 2030-01-01]

pub   rsa2048 2020-01-01 [SC] [expires: 2030-01-01]
      BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB
uid           [ultimate] Travis Shears <firstname.lastname@example.org>
sub   rsa2048 2020-01-01 [E] [expires: 2030-01-01]
In this case I’ll use key email@example.com.
Step two: Configure git to sign commits with the gpg key
Edit your ~/.gitconfig to look something like this:
[user]
    name = Travis Shears
    email = firstname.lastname@example.org
    signingkey = AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
[commit]
    gpgsign = true
We added the signingkey so git knows which key to use and we specified gpgsign so git knows we want to sign all commits.
Step three: Copy your public gpg key to clipboard
$ gpg --armor --export AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA | pbcopy
You can also do it with the email of the key:
$ gpg --armor --export email@example.com | pbcopy
Step four: Paste your public gpg key into the settings page of your favorite version control site, e.g. GitHub, GitLab, SourceHut.
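A check for the finished setup, added here as an example and not part of the original post: GitLab and GitHub only show the badge when git's user.email matches a uid on the signing key, so the function below parses gpg's `--with-colons` listing and reports a missing key, an expired or revoked key, a key with no usable signing capability, or an email mismatch. The function name and the `--run` switch are hypothetical, the sample listing is constructed from the placeholder keys above, and the script assumes user.signingkey holds the full primary-key fingerprint.

```shell
#!/bin/sh
# check_signing_key FPR EMAIL  (hypothetical helper, not a git or gpg command)
# Reads `gpg --list-keys --with-colons` output on stdin, prints one line per
# problem, and returns 0 only if primary key FPR is valid, has usable signing
# capability, and carries a uid for EMAIL.
check_signing_key() {
  awk -F: -v want="$1" -v email="$2" '
    $1 == "pub" { cur = 0; validity = $2; caps = $12; last = "pub"; next }
    $1 == "sub" { last = "sub"; next }
    # The fpr record directly after a pub record is the primary fingerprint.
    $1 == "fpr" && last == "pub" {
      last = ""
      if ($10 == toupper(want)) { cur = 1; found = 1; v = validity; c = caps }
      next
    }
    $1 == "uid" && cur && index(tolower($10), "<" tolower(email) ">") { uid_ok = 1 }
    END {
      if (!found) { print "key " want " is not in the keyring"; exit 1 }
      if (v ~ /^[eri]$/) { print "key is expired, revoked or invalid"; bad = 1 }
      # Upper-case letters in field 12 are the usable capabilities of the whole key.
      if (c !~ /S/) { print "key has no usable signing capability"; bad = 1 }
      if (!uid_ok) { print "no uid on the key matches " email; bad = 1 }
      exit bad + 0
    }'
}

# Constructed sample: colon-format listing for the two placeholder keys above.
SAMPLE_LISTING='pub:u:3072:1:AAAAAAAAAAAAAAAA:1577836800:1893456000::u:::scESC:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA:
uid:u::::1577836800::::Travis Shears <email@example.com>:
sub:u:3072:1:CCCCCCCCCCCCCCCC:1577836800:1893456000:::::e:
fpr:::::::::CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC:
pub:u:2048:1:BBBBBBBBBBBBBBBB:1577836800:1893456000::u:::scESC:
fpr:::::::::BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB:
uid:u::::1577836800::::Travis Shears <firstname.lastname@example.org>:'

# Check the real configuration only when asked: sh check-signing.sh --run
if [ "${1:-}" = "--run" ]; then
  fpr=$(git config user.signingkey)
  gpg --list-keys --with-colons "$fpr" |
    check_signing_key "$fpr" "$(git config user.email)" &&
    echo "signing key and user.email are consistent"
fi
```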