Commit signing
Generating and exporting the PGP key
- Generate the PGP key (per accepted PGP key types by your Git provider)
gpg --full-generate-key
# choose default or select supported type (RSA/DSA is default)
# choose expiration (or without)
# fill account details (name, email)
- Get ID of the key
gpg --list-secret-keys --keyid-format=long
- Export the public key
gpg --armor --export *key_id*
- [OPTIONAL] Export private key (if it should be used on another machine/for another user)
gpg --export-secret-key -a *name_on_key* > *name_on_key*.gpg.key
Enabling commit singing (Windows)
- If the key was generated on another system (WSL, other Linux install), a private key import might be needed. GPG4Win can be a useful tool for managing keys
- GPG tools need to be installed (can be installed as part of GPG4Win or standalone)
# Signing settings
git config commit.gpgsign true # current repo
git config --global commit.gpgsign true # globally
# GPG settings
git config --global user.signingkey <key_id>
git config --global gpg.program "C:\Program Files (x86)\GnuPG\bin\gpg.exe"
# sign the commit (-S flag)
git commit -S -m "initial"