GPG
Sign commit with GPG
Install GPG
brew install gnupg
Import GPG Key
gpg --import private.key
List keys
gpg --list-keys
# Output
/Users/muxinqi/.gnupg/pubring.kbx
---------------------------------
pub rsa4096 2020-12-25 [SC] [expires: 2024-12-25]
ABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMN
uid [ unknown] muxinqi <[email protected]>
uid [ unknown] muxinqi <[email protected]>
sub rsa4096 2020-12-25 [E] [expires: 2024-12-25]
sub rsa4096 2021-03-20 [S] [expires: 2024-12-25]
Set trust level
gpg --edit-key ABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMN
> trust
> 5 # Ultimate
> y # Confirm
> q # Quit
Restart gpg-agent
gpgconf --kill gpg-agent
Check trust level
gpg --list-keys
/Users/muxinqi/.gnupg/pubring.kbx
---------------------------------
pub rsa4096 2020-12-25 [SC] [expires: 2024-12-25]
ABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMN
uid [ultimate] muxinqi <[email protected]>
uid [ultimate] muxinqi <[email protected]>
sub rsa4096 2020-12-25 [E] [expires: 2024-12-25]
sub rsa4096 2021-03-20 [S] [expires: 2024-12-25]
Sign commit with the key
git config --global user.signingkey ABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMN
git config --global gpg.program $(which gpg)
Add the following line to the end of ~/.zshrc
export GPG_TTY=$(tty)
Now close and re-open the terminal. You can then sign a commit with:
git commit -S -m "signed commit"
Sign commits automatically
git config --global commit.gpgsign true
To avoid having to re-enter the password after a certain period of time, use pinentry-mac:
brew install pinentry-mac
echo "pinentry-program $(which pinentry-mac)" >> ~/.gnupg/gpg-agent.conf
Restart gpg-agent
gpgconf --kill gpg-agent
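Before pointing user.signingkey at a key, it helps to confirm that the key can sign and has not expired (the key listed above expires on 2024-12-25). The script below is an added example, not part of the original page: it reads `gpg --list-keys --with-colons` output and reports each signing-capable key. The function names and the sample listing with placeholder key IDs are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example: report whether each signing-capable key in a
# `gpg --list-keys --with-colons` listing is usable at a given time.
# Field numbers follow GnuPG's colon format: 1=record type, 2=validity,
# 5=key ID, 7=expiry (epoch seconds, empty = never), 12=capabilities.
signing_key_status() {
    # $1 = "now" as epoch seconds; the listing is read from stdin
    awk -F: -v now="$1" '
        $1 == "pub" || $1 == "sub" {
            if ($12 !~ /s/) next          # lowercase s = this key can sign
            state = "usable"
            if ($2 == "r")      state = "revoked"
            else if ($2 == "e") state = "expired"
            else if ($7 != "" && $7 + 0 <= now + 0) state = "expired"
            print $1, $5, state
        }'
}

# Constructed sample listing (hypothetical; key IDs are placeholders).
# Creation and expiry timestamps mirror the dates in the listing above.
sample_listing() {
    cat <<'EOF'
pub:u:4096:1:AAAAAAAAAAAAAAAA:1608854400:1735084800::u:::scESC::::::23::0:
uid:u::::1608854400::0000000000000000000000000000000000000000::muxinqi <user@example.invalid>::::::::::0:
sub:u:4096:1:BBBBBBBBBBBBBBBB:1608854400:1735084800:::::e::::::23:
sub:u:4096:1:CCCCCCCCCCCCCCCC:1616198400:1735084800:::::s::::::23:
EOF
}

# Real use: gpg --list-keys --with-colons | signing_key_status "$(date +%s)"
```

After the first signed commit, `git log --show-signature -1` shows whether Git could verify the signature.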