Setup GPG on Mac and sign git repositories

Sep 10, 2019

GNU Privacy Guard (GPG) is an encryption program that uses public-key cryptography for key exchange. More about it can be found on Wikipedia’s web page or on the official web page.

Signing your commits with a GPG key lets GitHub/GitLab/BitBucket show a Verified icon next to each commit, along with the ID of the key that signed it. This is a safety feature: it lets commit owners prove that they authored a commit, or that they did not, depending on the situation. It is necessary because anyone can create a GitHub/GitLab/BitBucket account and pretend to be someone else by using their name.

In order to use it on Mac, a few easy steps are required:

  • Install the tools using Homebrew: brew install gnupg2 pinentry-mac
    • GnuPG2 is the package with the GPG related tools
    • Pinentry-mac is used to capture the key passphrase when using the key
  • After successful installation, we need a small hack to make the gpg agent use pinentry-mac: echo "pinentry-program /usr/local/bin/pinentry-mac" >> ~/.gnupg/gpg-agent.conf
  • Restart the gpg-agent: killall gpg-agent
  • Create a new GPG key: gpg --full-generate-key
  • A few things to choose when generating a key:
    • Key kind: use (1), default
    • 4096 bits long
    • (0) key does not expire
    • Add your details (name, email, comment)
    • Choose a strong key passphrase that you can remember
  • List all the keys on the system: gpg --list-secret-keys
  • Grab the sec part, without the rsa/4096 and without the created date
  • Go to GitHub https://github.com/settings/keys and click New GPG key
  • Output the public key in ASCII: gpg --armor --export <sec-part-here> and copy the output
  • Save the new key
  • To use this key globally, instruct git to use it: git config --global user.signingkey <sec part here>
  • If you have several GPG keys that you want to use on the same machine for different repositories, add the key's sec ID to the repository's local git config by editing the .git/config file:
[user]
        name = <Your name here>
        email = <email address from the GPG key>
        signingkey = <sec id from your key>
[commit]
        gpgsign = true
  • The settings above can be accomplished by editing the .git/config file or using git commands:
git config user.name "<Your name here>"
git config user.email "<email address from the GPG key>"
git config commit.gpgsign true
git config user.signingkey <key sec here>
  • If you don’t have the gpgsign flag enabled, you can ask git to sign an individual commit with: git commit -S -m "Initial commit"
  • If you don’t want to use the -S flag all the time, you can also enable signing globally with git config --global commit.gpgsign true
  • If you get an error similar to secret key not available, then you might want to set your gpg program globally as gpg2: git config --global gpg.program gpg2
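
As an added example (not part of the original post), the shell functions below automate the "grab the sec part" step for the several-keys-per-machine case: they read the machine-readable gpg --list-secret-keys --with-colons listing and return the long key ID of a signing key that is not expired or revoked and whose user ID carries the email you commit with. The keyring listing, key IDs and addresses are constructed, and the function names key_for_email and configure_repo are made up for this example.

```shell
#!/bin/sh
# Constructed sample of `gpg --list-secret-keys --with-colons` output
# (key IDs, fingerprints, names and addresses are made up).
SAMPLE_LISTING='sec:u:4096:1:1111AAAA2222BBBB:1568073600:::u:::scESC:::+:::23::0:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAA1111AAAA2222BBBB:
uid:u::::1568073600::0000000000000000000000000000000000000001::Jane Example (work) <jane@work.example>::::::::::0:
ssb:u:4096:1:3333CCCC4444DDDD:1568073600::::::e:::+:::23:
sec:e:4096:1:5555EEEE6666FFFF:1400000000:1500000000::u:::sc:::+:::23::0:
fpr:::::::::BBBBBBBBBBBBBBBBBBBBBBBB5555EEEE6666FFFF:
uid:e::::1400000000::0000000000000000000000000000000000000002::Jane Example <jane@home.example>::::::::::0:
sec:u:4096:1:7777ABCD8888EF01:1568073700:::u:::scESC:::+:::23::0:
fpr:::::::::CCCCCCCCCCCCCCCCCCCCCCCC7777ABCD8888EF01:
uid:u::::1568073700::0000000000000000000000000000000000000003::Jane Example <jane@oss.example>::::::::::0:'

# key_for_email EMAIL: read a colon listing on stdin and print the long key ID
# of the first usable signing key that has a user ID ending in <EMAIL>.
# Exit status is 1 when no such key exists.
key_for_email() {
  awk -F: -v want="<$1>" '
    $1 == "sec" {
      # field 2 = validity (e expired, r revoked, d disabled, i invalid),
      # field 5 = long key ID, field 12 = capabilities (s = can sign)
      id = ($2 !~ /^[erdi]$/ && $12 ~ /s/) ? $5 : ""
    }
    # field 10 of a uid record is the user ID string; skip revoked/expired uids
    $1 == "uid" && id != "" && $2 !~ /^[erdi]$/ && index($10, want) > 0 {
      print id; found = 1; exit
    }
    END { exit !found }
  '
}

# configure_repo EMAIL: run inside a repository; writes the same settings as
# the .git/config snippet above. Not called here: it needs a real keyring.
configure_repo() {
  key=$(gpg --list-secret-keys --with-colons | key_for_email "$1") || {
    echo "no usable signing key for $1" >&2; return 1; }
  git config user.email "$1"
  git config user.signingkey "$key"
  git config commit.gpgsign true
}

# Demo on the constructed listing: the expired key is never selected.
for addr in jane@work.example jane@home.example jane@oss.example; do
  printf '%s -> ' "$addr"
  printf '%s\n' "$SAMPLE_LISTING" | key_for_email "$addr" || echo "(no usable key)"
done
```

On a real machine, run configure_repo with the address you commit under from inside the repository, then confirm the result with git log --show-signature -1 after the next commit.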

Tags: programming, software-engineering, gpg, git
