Setup GPG on Mac and sign git repositories

Sep 10, 2019

GNU Privacy Guard (GnuPG, or GPG) is an encryption program that uses public-key cryptography for key exchange. More about it can be found on its Wikipedia page or on the official web page.

Using a GPG key to sign your commits allows GitHub/GitLab/BitBucket to show a nice Verified icon against your commit and also to show the key ID that was used for that commit. This is a safety feature that lets commit owners prove that they authored a commit, or that they did not, depending on the situation. This is necessary because anyone can create a GitHub/GitLab/BitBucket account and pretend to be someone else by using their name.

In order to use it on Mac, a few easy steps are required:

  • Install the tools using Homebrew: brew install gnupg2 pinentry-mac
    • GnuPG2 is the package with the GPG related tools
    • Pinentry-mac is used to capture the key passphrase when using the key
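  • After successful installation, we need a small hack to make the gpg agent use pinentry-mac: echo "pinentry-program /usr/local/bin/pinentry-mac" >> ~/.gnupg/gpg-agent.conf (adjust the path if Homebrew uses a different prefix on your machine, such as /opt/homebrew on Apple Silicon)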
  • Restart the gpg-agent: killall gpg-agent
  • Create a new GPG key: gpg --full-generate-key
  • A few things to choose when generating a key:
    • Key kind: use (1), default
    • 4096 bits long
    • (0) key does not expire
    • Add your details (name, email, comment)
    • Choose a strong key passphrase that you can remember
  • List all the keys on the system: gpg --list-secret-keys
  • Grab the key ID from the sec line, without the rsa/4096 prefix and without the creation date
  • Go to GitHub https://github.com/settings/keys and click New GPG key
  • Output the public key in ASCII: gpg --armor --export <sec-part-here> and copy the output
  • Save the new key
  • To use this key globally, instruct git to use it: git config --global user.signingkey <sec part here>
  • If you have several GPG keys that you want to use on the same machine for different repositories, then set the key ID in the repository's local git config by editing the .git/config file:
[user]
        name = <Your name here>
        email = <email address from the GPG key>
        signingkey = <sec id from your key>
[commit]
        gpgsign = true
  • The settings above can be accomplished by editing the .git/config file or using git commands:
git config user.name "<Your name here>"
git config user.email "<email address from the GPG key>"
git config commit.gpgsign true
git config user.signingkey <key sec here>
  • If you don’t have gpgsign flag enabled, when you commit, you can ask git to sign the commit with git commit -S -m "Initial commit"
  • If you don’t want to use the -S flag all the time, you can also enable signing globally with git config --global commit.gpgsign true
  • If you get an error similar to secret key not available, then you might want to set your gpg program globally to gpg2: git config --global gpg.program gpg2
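
The "grab the sec part" step and the per-repository configuration above, done by script. This is an added example, not part of the original post: it reads gpg's machine-readable --with-colons listing and picks the usable signing key for a given e-mail address, which helps when several keys live on one machine. The function names, key IDs and addresses are made up for illustration.

```shell
#!/bin/sh
# Added example: choose the signing key for an e-mail address from the
# machine-readable output of `gpg --list-secret-keys --with-colons`.

# Reads colon records on stdin; prints the long key ID of the first secret key
# that can sign, is not expired/revoked/disabled, and has a uid with that address.
signing_key_for_email() {
    awk -F: -v want="$1" '
        $1 == "sec" {
            keyid = $5                      # field 5: 16-hex long key ID
            # field 2: validity (e = expired, r = revoked)
            # field 12: capabilities (S = key can sign, D = disabled)
            usable = ($2 != "e" && $2 != "r" && $12 ~ /S/ && $12 !~ /D/)
        }
        $1 == "uid" && usable && $2 != "e" && $2 != "r" {
            # field 10: user ID, e.g. "Name (comment) <address>"
            if (index(tolower($10), "<" tolower(want) ">")) {
                print keyid; found = 1; exit
            }
        }
        END { exit (found ? 0 : 1) }
    '
}

# Per-repository setup from the steps above; run it inside the repository.
configure_repo_signing() {
    key=$(gpg --list-secret-keys --with-colons | signing_key_for_email "$1") || return 1
    git config user.email "$1" &&
    git config user.signingkey "$key" &&
    git config commit.gpgsign true
}

# Constructed sample keyring (made-up key IDs and addresses, not real keys).
sample_keyring() {
    cat <<'EOF'
sec:e:4096:1:AAAA111122223333:1483228800:1514764800::u:::sc:::+:::23::0:
uid:e::::1483228800::0000000000000000000000000000000000000001::Jane Doe <jane@work.example>::::::::::0:
sec:u:4096:1:BBBB444455556666:1568073600:::u:::scESC:::+:::23::0:
uid:u::::1568073600::0000000000000000000000000000000000000002::Jane Doe (work) <jane@work.example>::::::::::0:
sec:u:4096:1:CCCC777788889999:1568073600:::u:::scESC:::+:::23::0:
uid:u::::1568073600::0000000000000000000000000000000000000003::Jane Doe <jane@home.example>::::::::::0:
EOF
}

# Demo on the constructed keyring: the expired work key is skipped.
sample_keyring | signing_key_for_email jane@work.example
```

On a real machine, call configure_repo_signing with the address from your key; it fails without touching the git config when no usable signing key matches.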

Tags: programming, software-engineering, gpg, git
