GPG comes with Git Bash (which also includes OpenSSL).
Like OpenSSL, it generates public/private key pairs; you copy the public key to your Git server.
Every time you commit, a hash of the commit signed with your GPG private key is sent along, so the Git server knows it was really you who made the commit. (Otherwise other people could put your name on their commits.)
How to add it
https://docs.github.com/en/authentication/managing-commit-signature-verification/generating-a-new-gpg-key
Generating a GPG key
Note: Before generating a new GPG key, make sure you've verified your email address. If you haven't verified your email address, you won't be able to sign commits and tags with GPG. For more information, see "Verifying your email address."
1. Download and install the GPG command line tools for your operating system. We generally recommend installing the latest version for your operating system.
2. Open Git Bash.
3. Generate a GPG key pair. Since there are multiple versions of GPG, you may need to consult the relevant man page to find the appropriate key generation command. Your key must use RSA.
   - If you are on version 2.1.17 or greater, paste the text below to generate a GPG key pair.
     $ gpg --full-generate-key
   - If you are not on version 2.1.17 or greater, the gpg --full-generate-key command doesn't work. Paste the text below and skip to step 6.
     $ gpg --default-new-key-algo rsa4096 --gen-key
4. At the prompt, specify the kind of key you want, or press Enter to accept the default.
5. At the prompt, specify the key size you want, or press Enter to accept the default. Your key must be at least 4096 bits.
6. Enter the length of time the key should be valid. Press Enter to specify the default selection, indicating that the key doesn't expire.
7. Verify that your selections are correct.
8. Enter your user ID information.
   Note: When asked to enter your email address, ensure that you enter the verified email address for your GitHub account. To keep your email address private, use your GitHub-provided no-reply email address. For more information, see "Verifying your email address" and "Setting your commit email address."
9. Type a secure passphrase.
10. Use the gpg --list-secret-keys --keyid-format=long command to list the long form of the GPG keys for which you have both a public and private key. A private key is required for signing commits or tags.
    $ gpg --list-secret-keys --keyid-format=long
    Note: Some GPG installations on Linux may require you to use gpg2 --list-keys --keyid-format LONG to view a list of your existing keys instead. In this case you will also need to configure Git to use gpg2 by running git config --global gpg.program gpg2.
11. From the list of GPG keys, copy the long form of the GPG key ID you'd like to use. In this example, the GPG key ID is 3AA5C34371567BD2:
    $ gpg --list-secret-keys --keyid-format=long <your_email>
    /Users/hubot/.gnupg/secring.gpg
    ------------------------------------
    sec   4096R/3AA5C34371567BD2 2016-03-10 [expires: 2017-03-10]
    uid                          Hubot
    ssb   4096R/42B317FD4BA89E7A 2016-03-10
12. Paste the text below, substituting in the GPG key ID you'd like to use. In this example, the GPG key ID is 3AA5C34371567BD2:
    $ gpg --armor --export 3AA5C34371567BD2
    # Prints the GPG key ID, in ASCII armor format
13. Copy your GPG key, beginning with -----BEGIN PGP PUBLIC KEY BLOCK----- and ending with -----END PGP PUBLIC KEY BLOCK-----.
git config --global user.signingkey 30F2B65B9246B6CA
Remember: in your local Git, your user name and email have to match the ones on the Git remote server.
git config --global user.name "<user_name>"
git config --global user.email <your email>
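A quick way to confirm that the ID stored in user.signingkey really exists as a secret key and meets the RSA / 4096-bit requirement from the steps above. This is an added example, not part of the original post or of GitHub's documentation; the function names are hypothetical, the sample listing is constructed, and the parser reads the machine-readable `gpg --list-secret-keys --with-colons` format rather than the human-readable listing shown earlier.

```shell
#!/bin/sh
# Added example: validate a signing key ID against a secret-key listing.
# Input on stdin: output of `gpg --list-secret-keys --with-colons`.
# Colon fields used: 1=record type, 2=validity, 3=key bits,
#                    4=public-key algorithm (1 = RSA), 5=long key ID.
# Exit status: 0 ok, 1 no such secret key, 2 not RSA,
#              3 shorter than 4096 bits, 4 expired or revoked.
check_signing_key() {
    [ -n "$1" ] || return 1          # nothing configured in user.signingkey
    awk -F: -v want="$1" '
        BEGIN { want = toupper(want); sub(/^0X/, "", want); rc = 1 }
        $1 == "sec" {
            id = toupper($5)
            # user.signingkey may be a short ID, a long ID or a fingerprint,
            # so compare the trailing hex digits of the longer value.
            n = length(want); m = length(id)
            if (n <= m) hit = (substr(id, m - n + 1) == want)
            else        hit = (substr(want, n - m + 1) == id)
            if (!hit) next
            if ($4 != 1)            rc = 2
            else if ($3 + 0 < 4096) rc = 3
            else if ($2 ~ /^[er]$/) rc = 4
            else                    rc = 0
            exit
        }
        END { exit rc }
    '
}

# Constructed sample listing (trimmed to the fields the check reads).
# Only the first key ID comes from the example on this page.
sample_listing() {
    cat <<'EOF'
sec:u:4096:1:3AA5C34371567BD2:1457568000:1489104000::u:::scESC:
sec:u:255:22:1111222233334444:1457568000:::u:::scESC:
sec:u:2048:1:AAAABBBBCCCCDDDD:1457568000:::u:::scESC:
sec:e:4096:1:5555666677778888:1457568000:1489104000::u:::sc:
EOF
}

sample_listing | check_signing_key 3AA5C34371567BD2 && echo "signing key OK"
```

Against a real keyring, run it as: gpg --list-secret-keys --with-colons | check_signing_key "$(git config --global user.signingkey)"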
To create a signed commit :