If you find any error, please send me a quick heads-up.
This guide explains how to add GPG signing in git.
You don’t have to use the GPG Suite, but it makes things easier: it automatically adds your GPG keys to the macOS Keychain, so you don’t need to enter your password all the time.
1. Install GPG Suite
Install the GPG suite.
2. Create PGP Key
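Create a new key. Add your name and email, set the key type to “RSA and RSA” and the length to 4096.
For maximum comfort, leave the password empty and remove the expiry date.
In this case (as nearly always), more comfort means less security: without a password, anyone who can read your private key file can sign commits as you, and without an expiry date a lost key stays valid until you revoke it. So keep that in mind.
You should upload your public key to the key server right away.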
3. Tell git about the GPG key
First, you need to find your key:
gpg --list-secret-keys --keyid-format LONG
The result will look something like this:
/Users/you/.gnupg/pubring.kbx
-----------------------------
sec rsa4096/1234567890ABCDE 2020-09-02 [SC]
########################################
uid [ ultimate ] Jannik <[email protected]>
ssb rsa4096/################ 2020-09-02 [E]
In the line starting with sec, you need the key ID that follows rsa4096/ (1234567890ABCDE in the example above).
Now activate commit signing in git and tell git which key to use for signing the commits (here you need the key from above):
git config --global commit.gpgsign true
git config --global user.signingkey $YOUR_KEY
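As an added example (not part of the original guide), the helper below reads the key ID from gpg's machine-readable listing (`--with-colons`, assuming GnuPG 2.x) instead of the human-readable sec line, and skips keys that are revoked, expired or cannot sign. The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original guide. Assumes GnuPG 2.x output.

# Reads `gpg --list-secret-keys --with-colons` on stdin and prints
# "KEYID BITS EXPIRY" for every primary secret key that can still sign.
# Fields used: 1=record type, 2=validity, 3=key length, 5=long key ID,
# 7=expiry (epoch seconds, empty = never), 12=capabilities.
list_signing_keys() {
    awk -F: -v now="$(date +%s)" '
        $1 != "sec"                      { next }  # primary secret keys only
        $2 ~ /^[re]$/                    { next }  # revoked or expired
        $12 !~ /S/                       { next }  # uppercase S: key as a whole can sign
        $7 != "" && ($7 + 0) < (now + 0) { next }  # expiry date already passed
        { print $5, $3, ($7 == "" ? "never" : $7) }
    '
}

# Reads the same listing on stdin and points git at the first usable key.
configure_git_signing() {
    key=$(list_signing_keys | awk 'NR == 1 { print $1 }')
    [ -n "$key" ] || { echo "no usable signing key found" >&2; return 1; }
    git config --global user.signingkey "$key"
    git config --global commit.gpgsign true
}

# Constructed sample listing (not real keys): a usable key without expiry,
# an expired key, and a key that can only certify and encrypt.
SAMPLE_LISTING='sec:u:4096:1:1234567890ABCDEF:1599004800:::u:::scESC:::+:::23::0:
uid:u::::1599004800::0000::Jannik <jannik@example.invalid>::::::::::0:
ssb:u:4096:1:AAAAAAAAAAAAAAAA:1599004800::::::e:::+:::23:
sec:e:2048:1:BBBBBBBBBBBBBBBB:1577836800:1609459200::u:::sc:::+:::23::0:
sec:u:4096:1:CCCCCCCCCCCCCCCC:1599004800:::u:::cEC:::+:::23::0:'

# Offline demonstration on the sample; prints: 1234567890ABCDEF 4096 never
printf '%s\n' "$SAMPLE_LISTING" | list_signing_keys

# Real use (changes the global git config):
#   gpg --list-secret-keys --with-colons | configure_git_signing
```

After the next commit, `git log --show-signature -1` shows whether the commit carries a signature that verifies. A key reported with expiry "never" is the no-expiry trade-off mentioned in step 2.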