Browse files

first commit

  • Loading branch information...
Patrick Stadler authored and pstadler committed Apr 6, 2016
0 parents commit 861d10fb587ea60f025fcc3ef1064afef53dda7a
Showing with 83 additions and 0 deletions.
  1. +83 −0
@@ -0,0 +1,83 @@
# Setup, GPG & Git to sign commits on GitHub

This is a step-by-step guide on how to create a GPG key on [](, adding it to a local GPG setup and use it with Git and GitHub.

Although this guide was written for OS X, most commands should work in other operating systems as well.

## Requirements

$ brew install gpg keybase

You should already have an account with Keybase and be signed in locally using `$ keybase login`. In case you need to set up a new device first, follow the instructions provided by the keybase command during login.

Make sure your local version of Git is at least 2.0 (`$ git --version`) to automatically sign all your commits. If that's not the case, use Homebrew to install the latest Git version: `$ brew install git`.

## Create a new GPG key on

$ keybase pgp gen --multi

This comment has been minimized.


mweibel Apr 13, 2016

what's the reason for --multi?

This comment has been minimized.


pstadler Apr 13, 2016


That flag is required if you want to have multiple keys. As keybase already added one for, we create a new one at this place using the email address used for git commits.

This comment has been minimized.


pstadler Apr 13, 2016


$ keybase pgp help gen

# Enter your real name, which will be publicly visible in your new key: Patrick Stadler
# Enter a public email address for your key:
# Enter another email address (or <enter> when done):
# Push an encrypted copy of your new secret key to the server? [Y/n] Y
# ▶ INFO PGP User ID: Patrick Stadler <> [primary]
# ▶ INFO Generating primary key (4096 bits)
# ▶ INFO Generating encryption subkey (4096 bits)
# ▶ INFO Generated new PGP key:
# ▶ INFO user: Patrick Stadler <>
# ▶ INFO 4096-bit RSA key, ID CB86A866E870EE00, created 2016-04-06
# ▶ INFO Exported new key to the local GPG keychain

## Set up Git to sign all commits

$ gpg --list-secret-keys
# /Users/pstadler/.gnupg/secring.gpg
# ----------------------------------
# sec 4096R/E870EE00 2016-04-06 [expires: 2032-04-02]
# uid Patrick Stadler <>
# ssb 4096R/F9E3E72E 2016-04-06
$ git config --global user.signingkey E870EE00
$ git config --global commit.gpgsign true

## Add public GPG key to GitHub

$ open
# Click "New GPG key"
$ keybase pgp export -q CB86A866E870EE00 | pbcopy # copy public key to clipboard
# Paste key, save

## Import key to GPG on another host

$ keybase pgp export
# ▶ WARNING Found several matches:
# user: Patrick Stadler <>
# 4096-bit RSA key, ID CB86A866E870EE00, created 2016-04-06
# user: <>
# 4096-bit RSA key, ID 31DBBB1F6949DA68, created 2014-03-26
$ keybase pgp export -q CB86A866E870EE00 -o public.key
$ keybase pgp export -q CB86A866E870EE00 --secret -o secret.key
$ gpg --import public.key
$ gpg --allow-secret-key-import --import secret.key
$ rm public.key secret.key

## Optional: Set as default GPG key

$ $EDITOR ~/.gnupg/gpg.conf
# Add line: default-key E870EE00

0 comments on commit 861d10f

Please sign in to comment.