Setup GPG on Mac and sign git repositories

Sep 10, 2019

GNU Privacy Guard (GPG) is an encryption program that uses public-key cryptography for key exchange. More about it can be found on Wikipedia’s web page or on the official web page.

Using a GPG key to sign your commits allows GitHub/GitLab/Bitbucket to show a Verified icon next to your commit, along with the ID of the key that was used for that commit. This is a safety feature that lets commit owners prove that they authored a commit, or that they did not, depending on the situation. It is necessary because anyone can create a GitHub/GitLab/Bitbucket account and pretend to be someone else by using their name.

In order to use it on Mac, a few easy steps are required:

  • Install the tools using Homebrew: brew install gnupg2 pinentry-mac
    • GnuPG2 is the package with the GPG related tools
    • Pinentry-mac is used to capture the key passphrase when using the key
  • After successful installation, we need a small hack to make the gpg agent use pinentry-mac (if Homebrew installed pinentry-mac elsewhere, use the path printed by which pinentry-mac): echo "pinentry-program /usr/local/bin/pinentry-mac" >> ~/.gnupg/gpg-agent.conf
  • Restart the gpg-agent: killall gpg-agent
  • Create a new GPG key: gpg --full-generate-key
  • A few things to choose when generating a key:
    • Key kind: use (1), default
    • 4096 bits long
    • (0) key does not expire
    • Add your details (name, email, comment)
    • Choose a strong key passphrase that you can remember
  • List all the keys on the system: gpg --list-secret-keys
  • Grab the key ID from the sec line, without the rsa/4096 part and without the creation date
  • Go to GitHub https://github.com/settings/keys and click New GPG key
  • Output the public key in ASCII with gpg --armor --export <sec-part-here> and copy the output
  • Save the new key
  • To use this key globally, instruct git to use it: git config --global user.signingkey <sec part here>
  • If you have several GPG keys that you want to use on the same machine for different repositories, then set the key in the repository's local git config by editing its .git/config file:
[user]
        name = <Your name here>
        email = <email address from the GPG key>
        signingkey = <sec id from your key>
[commit]
        gpgsign = true
  • The same settings can be applied with git commands instead of editing the .git/config file:
git config user.name "<Your name here>"
git config user.email "<email address from the GPG key>"
git config commit.gpgsign true
git config user.signingkey "<key sec here>"
  • If you don’t have the gpgsign flag enabled, you can ask git to sign an individual commit with git commit -S -m "Initial commit"
  • If you don’t want to use the -S flag all the time, you can also enable signing globally with git config --global commit.gpgsign true
  • If you get an error similar to secret key not available, then you might want to set your gpg program globally to gpg2: git config --global gpg.program gpg2
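
For the several-keys case above, the key ID does not have to be copied by eye from the gpg --list-secret-keys output. The following is an added example, not part of the original post: a shell function that reads GnuPG's machine-readable --with-colons listing and picks the key ID for a given email address, skipping expired or revoked keys. The function name signing_key_for, the sample listing and all key IDs and addresses in it are made up for illustration.

```shell
#!/bin/sh
# Constructed sample of `gpg --list-secret-keys --with-colons` output.
# Key IDs, fingerprints, hashes and addresses are made up.
sample_listing() {
cat <<'EOF'
sec:u:4096:1:7777888899990000:1568073600:::u:::scESC:
fpr:::::::::1111222233334444555566667777888899990000:
uid:u::::1568073600::UIDHASH1::Alice Example <alice@work.example>:
ssb:u:4096:1:0123456789ABCDEF:1568073600::::::e:
sec:u:4096:1:AAAABBBBCCCCDDDD:1568073600:::u:::scESC:
fpr:::::::::EEEEFFFF0000111122223333AAAABBBBCCCCDDDD:
uid:u::::1568073600::UIDHASH2::Alice Example <alice@home.example>:
uid:u::::1568073600::UIDHASH3::Alice Example <alice@oss.example>:
sec:e:4096:1:9999000011112222:1400000000:1500000000::u:::sc:
fpr:::::::::3333444455556666777788889999000011112222:
uid:e::::1400000000::UIDHASH4::Alice Example <alice@old.example>:
EOF
}

# signing_key_for EMAIL (hypothetical helper): read a colon listing on stdin
# and print the long key ID (field 5 of the sec record) of the first secret
# key that carries a user ID for EMAIL. Records whose validity (field 2) is
# e (expired) or r (revoked) are skipped.
signing_key_for() {
  awk -F: -v want="<$1>" '
    $1 == "sec" { keyid = $5; usable = ($2 != "e" && $2 != "r") }
    $1 == "uid" && usable && $2 != "e" && $2 != "r" && index($10, want) {
      print keyid; found = 1; exit
    }
    END { exit !found }   # non-zero status when no usable key matches
  '
}

# Real use, run inside the repository that should sign with this key:
#   key=$(gpg --list-secret-keys --with-colons | signing_key_for you@example.com) &&
#     git config user.signingkey "$key" && git config commit.gpgsign true

# Demo on the constructed listing.
sample_listing | signing_key_for alice@oss.example   # prints AAAABBBBCCCCDDDD
```

Because the function exits non-zero when no usable key matches, the git config commands in the commented usage only run when a key was actually found.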

Tags: programming, software-engineering, gpg, git
