DEV Community

Baivab Sarkar

Getting Verified on GitHub!

How to Set Up a GPG Key for Signed Git Commits: A Step-by-Step Guide

Signing your commits with a GPG key is a great way to ensure authenticity and trust on GitHub. Let's dive into the steps to generate and configure a GPG key for your Git commits!

Step 1: Generate a GPG Key

  1. Open Git Bash

    Launch Git Bash from your applications.

  2. Generate a GPG Key

    Run the following command:

   gpg --full-generate-key

  3. Choose Key Type

    Opt for the default option: (9) ECC (sign and encrypt) *default*

  4. Select Elliptic Curve

    Stick with the default: (1) Curve 25519 *default*

  5. Set Key Expiry Date

    Enter 0 for no expiration.

  6. Confirm Key Details

    Type y and press Enter.

  7. Enter User Information

    Provide your name and email, then press Enter after each.

   Real name: Your Name
   Email address: example@gmail.com

  8. Final Confirmation

    Type o to confirm.

  9. Set Passphrase

    When prompted, just click OK without entering anything. The private key is then stored without a passphrase.


Step 2: Locate Your GPG Key

  1. List Secret Keys

    Run:

   gpg --list-secret-keys --keyid-format=long

  2. Identify Key ID

    Copy the key ID, the value after the slash, from the line starting with sec:

   sec   4096R/12345678 2024-09-15 [expires: 2025-09-15]

  3. Update Git Configuration

    Edit your .gitconfig file and add:

   [user]
     signingkey = 12345678


Step 3: Export Your Public Key

  1. Export Public Key

    Run, using the key ID from Step 2:

   gpg --armor --export 12345678

  2. Copy Public Key

    Copy the whole block, from the BEGIN line through the END line:

   -----BEGIN PGP PUBLIC KEY BLOCK-----
   ...
   -----END PGP PUBLIC KEY BLOCK-----


Step 4: Add Your GPG Key to GitHub

  1. Log in to GitHub

    Go to your GitHub account.

  2. Navigate to SSH and GPG Keys

    Click your profile picture > Settings > SSH and GPG keys.

  3. Add New GPG Key

    Click New GPG Key and paste the public key.

  4. Authenticate

    Enter your GitHub password if prompted.


Step 5: Enable Commit Signing in Git

  1. Configure Git

    Enable signing by running:

   git config --global commit.gpgsign true

  2. Verify Configuration

    Check that signing is enabled:

   git config --global --get commit.gpgsign

    It should return true.


Step 6: Test Signing Your Commits

  1. Create a Test Repository

    Run:

   git init test-repo
   cd test-repo

  2. Make a Test Commit

    Add a file and commit:

   echo "Test file" > test.txt
   git add test.txt
   git commit -m "Test commit"

  3. Verify Signed Commit

    Run:

   git log --show-signature

You should see a message confirming the good signature.
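
A good local signature is not the whole story for the Verified badge: the key named in user.signingkey has to be in your secret keyring, able to sign, unexpired, and carry your commit email as one of its user IDs. The check below is an added example, not part of the original post; the function name audit_signing_key and the sample listing (made-up key IDs) are assumptions, and it reads the output of gpg --list-secret-keys --with-colons.

```bash
# Constructed sample of `gpg --list-secret-keys --with-colons` output
# (made-up key IDs; the last 8 hex digits match the article's placeholder).
SAMPLE_LISTING='sec:u:255:22:AAAABBBB12345678:1726358400:::u:::scESC:::+:::ed25519:::0:
uid:u::::1726358400::0000::Your Name <example@gmail.com>::::::::::0:
ssb:u:255:18:CCCCDDDD00000001:1726358400::::::e:::+:::cv25519::'

# audit_signing_key KEYID EMAIL [NOW_EPOCH]   (colon listing on stdin)
# Prints one finding per line; returns 0 only when no FAIL was found.
audit_signing_key() {
  local keyid=$1 email=$2 now=${3:-$(date +%s)}
  awk -F: -v want="$keyid" -v email="$email" -v now="$now" '
    BEGIN { want = toupper(want); email = tolower(email) }
    # "sec" starts a secret key: field 5 = long key ID, field 7 = expiry
    # (epoch seconds, empty = never), field 12 = capabilities.
    $1 == "sec" {
      id = toupper($5)
      # Match a short (8 hex) or long (16 hex) ID by suffix.
      inkey = (want != "" && length(want) <= length(id) &&
               substr(id, length(id) - length(want) + 1) == want)
      if (inkey) { found = 1; expiry = $7; caps = $12 }
      next
    }
    # "uid" records follow their key: field 10 = "Name <email>".
    inkey && $1 == "uid" && index(tolower($10), "<" email ">") { uid_ok = 1 }
    END {
      if (!found) { print "FAIL key-not-in-keyring"; exit 1 }
      bad = 0
      if (caps !~ /[sS]/) { print "FAIL key-cannot-sign"; bad = 1 }
      if (expiry != "" && expiry + 0 <= now + 0) { print "FAIL key-expired"; bad = 1 }
      if (!uid_ok) { print "FAIL email-not-on-key"; bad = 1 }
      if (expiry == "") print "NOTE no-expiry-set"
      if (!bad) print "OK"
      exit bad
    }'
}

# Demo on the constructed sample. On a real machine, pipe in
#   gpg --list-secret-keys --with-colons
# and pass "$(git config user.signingkey)" "$(git config user.email)".
printf '%s\n' "$SAMPLE_LISTING" | audit_signing_key 12345678 example@gmail.com
```

A FAIL email-not-on-key result is the usual reason a commit that verifies locally still shows as unverified after pushing.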



Congratulations!

By following these steps, you can securely sign your Git commits, ensuring that your work is authenticated and trusted! If you have any questions or run into any issues, feel free to reach out. Happy coding!

โค๏ธ Show Some Love!

Found this helpful? ๐Ÿ’ฌ Drop a comment, hit the like button, and share it with your friends! Letโ€™s build cool stuff together! #ShareYourThoughts #EngageAndConnect

Image description

Top comments (0)