
GPG

Sign commit with GPG

Install GPG

brew install gnupg

Import GPG Key

gpg --import private.key

List keys

gpg --list-keys

# Output
/Users/muxinqi/.gnupg/pubring.kbx
---------------------------------
pub rsa4096 2020-12-25 [SC] [expires: 2024-12-25]
ABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMN
uid [ unknown] muxinqi <[email protected]>
uid [ unknown] muxinqi <[email protected]>
sub rsa4096 2020-12-25 [E] [expires: 2024-12-25]
sub rsa4096 2021-03-20 [S] [expires: 2024-12-25]

Set trust level

gpg --edit-key ABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMN

> trust
> 5 # Ultimate
> y # Confirm
> q # Quit

Restart gpg-agent

gpgconf --kill gpg-agent

Check trust level

gpg --list-keys

/Users/muxinqi/.gnupg/pubring.kbx
---------------------------------
pub rsa4096 2020-12-25 [SC] [expires: 2024-12-25]
ABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMN
uid [ultimate] muxinqi <[email protected]>
uid [ultimate] muxinqi <[email protected]>
sub rsa4096 2020-12-25 [E] [expires: 2024-12-25]
sub rsa4096 2021-03-20 [S] [expires: 2024-12-25]

Sign commit with the key

git config --global user.signingkey ABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMN
git config --global gpg.program "$(which gpg)"

Add the following line to the end of ~/.zshrc

export GPG_TTY=$(tty)

Now close and re-open the terminal. You can then sign a commit with:

git commit -S -m "signed commit"
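
A preflight check for the setup above, as an added example that is not part of the original page: it reads the machine-readable form of the key listing and reports whether the key configured in user.signingkey still has a signing-capable key or subkey that is neither revoked nor expired. The helper name signing_status and the sample listing (placeholder key IDs and fingerprints) are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample of `gpg --list-keys --with-colons` output. Key IDs and the
# fingerprints are placeholders; dates mirror the listing shown on this page.
SAMPLE_FPR=0000000000000000000000001111111111111111
SAMPLE_LISTING='pub:u:4096:1:1111111111111111:1608854400:1735084800::u:::scESC:
fpr:::::::::0000000000000000000000001111111111111111:
uid:u::::1608854400::::Example User <user@example.com>:
sub:u:4096:1:2222222222222222:1608854400:1735084800:::::e:
fpr:::::::::0000000000000000000000002222222222222222:
sub:u:4096:1:3333333333333333:1616198400:1735084800:::::s:
fpr:::::::::0000000000000000000000003333333333333333:'

# signing_status FINGERPRINT NOW_EPOCH   (hypothetical helper; listing on stdin)
# Prints "ok <keyid>..." for every signing-capable key under that primary key
# that is neither revoked nor expired; otherwise prints the reason, returns 1.
signing_status() {
    awk -F: -v want="$1" -v now="$2" '
    function check(validity, keyid, expires, caps) {
        if (caps !~ /s/) return                  # field 12: no signing capability
        if (validity == "r") { why = "revoked"; return }
        if (expires != "" && expires + 0 <= now + 0) { why = "expired"; return }
        usable = usable " " keyid
    }
    # Remember the primary key; its fingerprint arrives on the next fpr record.
    $1 == "pub" { mine = 0; pv = $2; pid = $5; pexp = $7; pcap = $12 }
    $1 == "fpr" && prev == "pub" && $10 == want {
        mine = found = 1
        check(pv, pid, pexp, pcap)
    }
    $1 == "sub" && mine { check($2, $5, $7, $12) }
    { prev = $1 }
    END {
        if (!found)       { print "no-such-key"; exit 1 }
        if (usable != "") { print "ok" usable; exit 0 }
        print (why != "" ? why : "no-signing-capability"); exit 1
    }'
}

# Demo on the sample with a fixed clock (2023-11-14) so the result is stable.
printf '%s\n' "$SAMPLE_LISTING" | signing_status "$SAMPLE_FPR" 1700000000
# Against a real keyring (assumes user.signingkey holds the full fingerprint):
#   gpg --list-keys --with-colons |
#     signing_status "$(git config user.signingkey)" "$(date +%s)"
```

A result of "expired" here means git commit -S will fail until the expiry date of the key is extended.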

Sign commits automatically

git config --global commit.gpgsign true

To avoid having to re-enter the passphrase after a certain period of time, use pinentry-mac:

brew install pinentry-mac
echo "pinentry-program $(which pinentry-mac)" >> ~/.gnupg/gpg-agent.conf

Restart gpg-agent

gpgconf --kill gpg-agent