Getting Verified on GitHub! 🔐✨

How to Set Up a GPG Key for Signed Git Commits: A Step-by-Step Guide

Signing your commits with a GPG key is a great way to ensure authenticity and trust on GitHub. Let’s dive into the steps to generate and configure a GPG key for your Git commits! 🚀

Step 1: Generate a GPG Key 🛠️

1. Open Git Bash
   
   Launch Git Bash from your applications.

2. Generate a GPG Key
   
   Run the following command:
   

   gpg --full-generate-key

1. Choose Key Type
   
   Opt for the default option: (9) ECC (sign and encrypt) *default*
   
   

2. Select Elliptic Curve
   
   Stick with the default: (1) Curve 25519 *default*
   
   

3. Set Key Expiry Date
   
   Enter 0 for no expiration.
   
   

4. Confirm Key Details
   
   Type y and press Enter.

5. Enter User Information
   
   Provide your name and email, then press Enter after each.
   

   Real name: Your Name  
   Email address: example@gmail.com  

1. Final Confirmation
   
   Type o to confirm.
   
   

2. Set Passphrase
   
   When prompted, just click OK without entering anything.
   
   

Step 2: Locate Your GPG Key 🔍

1. List Secret Keys Run:

   gpg --list-secret-keys --keyid-format=long

1. Identify Key ID Copy the key ID from the line starting with sec:

   sec   4096R/12345678 2024-09-15 [expires: 2025-09-15]

1. Update Git Configuration Edit your .gitconfig file and add:

   [user]
     signingkey = 12345678

Step 3: Export Your Public Key 📤

1. Export Public Key Run:

   gpg --armor --export

1. Copy Public Key Copy everything between the lines:

   -----BEGIN PGP PUBLIC KEY BLOCK-----
   ...
   -----END PGP PUBLIC KEY BLOCK-----

Step 4: Add Your GPG Key to GitHub 🌐

1. Log in to GitHub
   
   Go to your GitHub account.

2. Navigate to SSH and GPG Keys
   
   Click your profile picture > Settings > SSH and GPG keys.

3. Add New GPG Key
   
   Click New GPG Key and paste the public key.
   
   

4. Authenticate
   
   Enter your GitHub password if prompted.

Step 5: Enable Commit Signing in Git ✅

1. Configure Git Enable signing by running:

   git config --global commit.gpgsign true

1. Verify Configuration Check that signing is enabled:

   git config --global --get commit.gpgsign

It should return true.

Step 6: Test Signing Your Commits 📝

1. Create a Test Repository Run:

   git init test-repo
   cd test-repo

1. Make a Test Commit Add a file and commit:

   echo "Test file" > test.txt
   git add test.txt
   git commit -m "Test commit"

1. Verify Signed Commit Run:

   git log --show-signature

You should see a message confirming the good signature.

Congratulations! 🎉

By following these steps, you can securely sign your Git commits, ensuring that your work is authenticated and trusted! If you have any questions or run into any issues, feel free to reach out. Happy coding! 💻✨

❤️ Show Some Love!

Found this helpful? 💬 Drop a comment, hit the like button, and share it with your friends! Let’s build cool stuff together! #ShareYourThoughts #EngageAndConnect