Permalink
Browse files

first commit

  • Loading branch information...
Patrick Stadler authored and pstadler committed Apr 6, 2016
0 parents commit 861d10fb587ea60f025fcc3ef1064afef53dda7a
Showing with 83 additions and 0 deletions.
  1. +83 −0 README.md
@@ -0,0 +1,83 @@
# Setup Keybase.io, GPG & Git to sign commits on GitHub

This is a step-by-step guide on how to create a GPG key on [keybase.io](https://keybase.io), adding it to a local GPG setup and use it with Git and GitHub.

Although this guide was written for OS X, most commands should work in other operating systems as well.

## Requirements

```sh
$ brew install gpg keybase
```

You should already have an account with Keybase and be signed in locally using `$ keybase login`. In case you need to set up a new device first, follow the instructions provided by the keybase command during login.

Make sure your local version of Git is at least 2.0 (`$ git --version`) to automatically sign all your commits. If that's not the case, use Homebrew to install the latest Git version: `$ brew install git`.

## Create a new GPG key on keybase.io

```sh
$ keybase pgp gen --multi

This comment has been minimized.

@mweibel

mweibel Apr 13, 2016

what's the reason for --multi?

This comment has been minimized.

@pstadler

pstadler Apr 13, 2016

Owner

That flag is required if you want to have multiple keys. As keybase already added one for @keybase.io, we create a new one at this place using the email address used for git commits.

This comment has been minimized.

@pstadler

pstadler Apr 13, 2016

Owner

$ keybase pgp help gen

# Enter your real name, which will be publicly visible in your new key: Patrick Stadler
# Enter a public email address for your key: patrick.stadler@gmail.com
# Enter another email address (or <enter> when done):
# Push an encrypted copy of your new secret key to the Keybase.io server? [Y/n] Y
# ▶ INFO PGP User ID: Patrick Stadler <patrick.stadler@gmail.com> [primary]
# ▶ INFO Generating primary key (4096 bits)
# ▶ INFO Generating encryption subkey (4096 bits)
# ▶ INFO Generated new PGP key:
# ▶ INFO user: Patrick Stadler <patrick.stadler@gmail.com>
# ▶ INFO 4096-bit RSA key, ID CB86A866E870EE00, created 2016-04-06
# ▶ INFO Exported new key to the local GPG keychain
```

## Set up Git to sign all commits

```sh
$ gpg --list-secret-keys
# /Users/pstadler/.gnupg/secring.gpg
# ----------------------------------
# sec 4096R/E870EE00 2016-04-06 [expires: 2032-04-02]
# uid Patrick Stadler <patrick.stadler@gmail.com>
# ssb 4096R/F9E3E72E 2016-04-06
$ git config --global user.signingkey E870EE00
$ git config --global commit.gpgsign true
```

## Add public GPG key to GitHub

```sh
$ open https://github.com/settings/keys
# Click "New GPG key"
$ keybase pgp export -q CB86A866E870EE00 | pbcopy # copy public key to clipboard
# Paste key, save
```

## Import key to GPG on another host

```sh
$ keybase pgp export
# ▶ WARNING Found several matches:
# user: Patrick Stadler <patrick.stadler@gmail.com>
# 4096-bit RSA key, ID CB86A866E870EE00, created 2016-04-06
# user: keybase.io/ps <ps@keybase.io>
# 4096-bit RSA key, ID 31DBBB1F6949DA68, created 2014-03-26
$ keybase pgp export -q CB86A866E870EE00 -o public.key
$ keybase pgp export -q CB86A866E870EE00 --secret -o secret.key
$ gpg --import public.key
$ gpg --allow-secret-key-import --import secret.key
$ rm public.key secret.key
```

## Optional: Set as default GPG key

```sh
$ $EDITOR ~/.gnupg/gpg.conf
# Add line: default-key E870EE00
```

0 comments on commit 861d10f

Please sign in to comment.