Use GPG signing in git

This article wasn't updated in the last 4 years. Please double check if the content is still up-to-date.

If you find any error, please send me a quick heads-up.

This guide explains how to add GPG signing in git.

You don’t have to use GPG Suite, but it makes things easier: it automatically adds your GPG keys to the macOS Keychain, so you don’t need to enter your password all the time.

1. Install GPG Suite

Install the GPG suite.

2. Create PGP Key

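Create a new key. Add your name and email, choose “RSA and RSA” as the key type and set the length to 4096.

For maximum comfort, leave the password empty and remove the expiry.

Keep in mind that in this case (as nearly always) more comfort means less security: a key without a password can be used by anyone who gets hold of the key file, and a key without an expiry stays valid until you revoke it.

Upload your public key to the key server right away.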

3. Tell git about the GPG key

First, you need to find your key:

gpg --list-secret-keys --keyid-format LONG

The result will look something like this:

/Users/you/.gnupg/pubring.kbx
-----------------------------
sec   rsa4096/1234567890ABCDE 2020-09-02 [SC]
      ########################################
uid              [ ultimate ] Jannik <[email protected]>
ssb   rsa4096/################ 2020-09-02 [E]

In the line starting with sec, you need the key ID that follows rsa4096/ (1234567890ABCDE in the output above).

Now activate commit signing in git and tell git which key to use for signing the commits (here you need the key from above):

git config --global commit.gpgsign true
git config --global user.signingkey $YOUR_KEY
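
An added example, not from the original article: step 3 as a script that reads the machine-readable `gpg --with-colons` listing instead of the human-readable one, skips revoked or expired keys, and warns when the chosen key has no expiry. The function names and the sample listing are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original article). Function names are hypothetical.

# Constructed sample of `gpg --list-secret-keys --with-colons` output:
# a revoked key, a usable key without expiry, and a usable key with expiry.
SAMPLE_LISTING='sec:r:4096:1:AAAAAAAAAAAAAAAA:1500000000:::-:::sc:
sec:u:4096:1:1234567890ABCDEF:1599004800:::u:::scESC:
ssb:u:4096:1:CCCCCCCCCCCCCCCC:1599004800::::::e:
sec:u:4096:1:BBBBBBBBBBBBBBBB:1599004800:1893456000::u:::scESC:'

# Colon format: field 1 = record type, 2 = validity, 5 = long key ID,
# 7 = expiry (empty = none), 12 = capabilities (lowercase s = key can sign).

# Print the ID of the first secret primary key that can sign and is neither
# revoked (r) nor expired (e). Exit status 1 if there is none.
pick_signing_key() {
  awk -F: '$1 == "sec" && $2 !~ /^[er]$/ && $12 ~ /s/ { print $5; found = 1; exit }
           END { exit !found }'
}

# Print the expiry timestamp of key ID $1, or "never" if the field is empty.
key_expiry() {
  awk -F: -v id="$1" '$1 == "sec" && $5 == id { print ($7 == "" ? "never" : $7); exit }'
}

# Step 3 of the guide as one call; runs in a subshell so variables stay local.
configure_git_signing() (
  listing=$(gpg --list-secret-keys --with-colons) || exit 1
  key=$(printf '%s\n' "$listing" | pick_signing_key) || {
    echo "no usable signing key found" >&2; exit 1; }
  if [ "$(printf '%s\n' "$listing" | key_expiry "$key")" = never ]; then
    echo "warning: key $key has no expiry date" >&2
  fi
  git config --global user.signingkey "$key"
  git config --global commit.gpgsign true
  echo "git will sign commits with $key"
)
```

Source the file and call `configure_git_signing`; after the next commit, `git log --show-signature -1` shows whether its signature verifies.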