Introduction
Ensure the security of your commits by following these simple steps to set up GPG key signing. Add an extra layer of protection to your Git repositories with this quick and easy guide.
Step 1: Install Necessary Packages
Start by installing the required packages, GnuPG and pinentry:
sudo pacman -S gnupg pinentry
Step 2: Generate a GPG Keypair
Generate a GPG keypair with the following command. Follow the prompts and enter information consistent with your GitHub/GitLab/Codeberg/Gitea account:
gpg --full-generate-key
- Choose RSA for enhanced security.
- Opt for a key size of 4096 for better security.
- Set the key expiration (0 for no expiration).
- Enter information matching your account details.
- Set a passphrase for the GPG keys.
Step 3: Retrieve the Public Key
Get your GPG key’s information using the following command:
gpg --list-secret-keys --keyid-format LONG
Copy the GPG key ID (the sec value, not ssb). Now, obtain the PGP Public Key:
gpg --armor --export <GPG_KEY_ID>
Copy the displayed GPG Public key.
Step 4: Add GPG Key to Your Account
For Git repositories, the steps are essentially the same. Log in to your account, navigate to the GPG section, and paste the GPG Key.
Step 5: Verify Your Public GPG Key
In the same section, find a “Verify” button. Copy the provided command line, paste it into your terminal, copy the output, and paste it back into the verification section. Your GPG Key should now be verified.
Step 6: TTY Session
Before proceeding, ensure the active session can use the GPG key. Add the following line to ~/.zshrc:
export GPG_TTY=$(tty)
Step 7: Git Configuration Setup
Configure Git to use your GPG key:
git config --global user.signingkey <GPG_KEY_ID>
git config --global commit.gpgSign true
Replace <GPG_KEY_ID> with your actual GPG key ID.
Step 8: Commit a Message
When committing, Git will prompt for the passphrase associated with your GPG key, adding an extra layer of security:
git commit -S -m "commit message"
Ensure the commit is signed with the key whose public key you added to your account.
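The two places where this setup usually goes wrong are Step 3 (copying the ssb subkey ID instead of the sec ID) and Step 2 (a key identity that does not match the account e-mail). The script below is an added example, not part of the original guide: it parses the Step 3 listing and checks a key ID and e-mail against it. The function names and the sample listing are constructed for illustration.

```shell
#!/usr/bin/env bash
# Constructed sample of `gpg --list-secret-keys --keyid-format LONG` output;
# the key IDs, fingerprints and identities are made up.
sample_listing() {
  cat <<'EOF'
sec   rsa4096/AAAA1111BBBB2222 2024-01-15 [SC]
      0123456789ABCDEF01234567AAAA1111BBBB2222
uid                 [ultimate] Example User <user@example.com>
ssb   rsa4096/CCCC3333DDDD4444 2024-01-15 [E]

sec   rsa4096/EEEE5555FFFF6666 2020-03-01 [SC] [expired: 2022-03-01]
      89ABCDEF0123456789ABCDEFEEEE5555FFFF6666
uid                 [ expired] Old Identity <old@example.com>
EOF
}

# Print the long ID of every usable primary key: the part after "/" on a
# "sec" line. "ssb" (subkey) lines and expired or revoked keys are skipped.
primary_key_ids() {
  awk '$1 ~ /^sec[#>]?$/ && !/\[(expired|revoked):/ {
         split($2, part, "/"); print part[2] }'
}

# Print the e-mail address of each uid that belongs to the given primary key.
key_emails() {   # usage: key_emails <key_id> < listing
  awk -v want="$1" '
    $1 ~ /^sec[#>]?$/ { split($2, part, "/"); cur = part[2] }
    $1 == "uid" && cur == want && match($0, /<[^>]+>/) {
      print substr($0, RSTART + 1, RLENGTH - 2) }'
}

# Check the values meant for user.signingkey and user.email against a listing.
check_signing_setup() {   # usage: check_signing_setup <key_id> <email> < listing
  local listing; listing=$(cat)
  printf '%s\n' "$listing" | primary_key_ids | grep -qxF -- "$1" ||
    { echo "key $1 is not a usable primary (sec) key"; return 1; }
  printf '%s\n' "$listing" | key_emails "$1" | grep -qixF -- "$2" ||
    { echo "no uid on key $1 has e-mail $2"; return 2; }
  echo "ok"
}

# Real use:
#   gpg --list-secret-keys --keyid-format LONG |
#     check_signing_setup "$(git config user.signingkey)" "$(git config user.email)"
```

A return code of 1 means the configured ID is a subkey, an expired or revoked key, or not in the keyring; 2 means the key exists but none of its identities carries the e-mail you commit with.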