Spaces:
Runtime error
Runtime error
added instructions for configuring GPG to accounts
Browse files
GPG.md
ADDED
|
@@ -0,0 +1,58 @@
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1 |
+
Setting up a GPG (GNU Privacy Guard) key for signing your commits is a good way to secure your work and prove that the commits are indeed from you. Here's a step-by-step guide to setting up a GPG key on a Unix-like system:
|
| 2 |
+
|
| 3 |
+
### Step 1: Install GPG
|
| 4 |
+
If you don't already have GPG installed, you can install it using your package manager. For example, on Debian-based systems, use:
|
| 5 |
+
```bash
|
| 6 |
+
sudo apt-get install gnupg
|
| 7 |
+
```
|
| 8 |
+
|
| 9 |
+
### Step 2: Generate a GPG Key Pair
|
| 10 |
+
```bash
|
| 11 |
+
gpg --full-generate-key
|
| 12 |
+
```
|
| 13 |
+
Follow the prompts to generate your key pair. You’ll need to specify the kind of key you want, the key size (a 4096-bit key is recommended), and the duration the key should be valid. You will also need to provide your name and the email address associated with your Git commits.
|
| 14 |
+
|
| 15 |
+
### Step 3: List GPG Keys
|
| 16 |
+
Once you've generated your GPG key, list your keys by typing:
|
| 17 |
+
```bash
|
| 18 |
+
gpg --list-secret-keys --keyid-format=long
|
| 19 |
+
```
|
| 20 |
+
|
| 21 |
+
Look for the key that matches your Git commit email.
|
| 22 |
+
|
| 23 |
+
### Step 4: Get the GPG Key ID
|
| 24 |
+
Take note of the GPG key ID of the key you just created. It's the part after the `/` in the `sec` line.
|
| 25 |
+
|
| 26 |
+
### Step 5: Export the GPG Key
|
| 27 |
+
```bash
|
| 28 |
+
gpg --armor --export YOUR_GPG_KEY_ID
|
| 29 |
+
```
|
| 30 |
+
Replace `YOUR_GPG_KEY_ID` with the ID you found in the previous step. This will print your GPG key in the ASCII armor format, which you'll need to copy.
|
| 31 |
+
|
| 32 |
+
### Step 6: Add the GPG Key to Your GitHub Account
|
| 33 |
+
- Go to your GitHub settings.
|
| 34 |
+
- Click on "SSH and GPG keys".
|
| 35 |
+
- Click on "New GPG key".
|
| 36 |
+
- Paste your GPG key into the text area and save.
|
| 37 |
+
|
| 38 |
+
### Step 7: Configure Git to Use Your GPG Key
|
| 39 |
+
```bash
|
| 40 |
+
git config --global user.signingkey YOUR_GPG_KEY_ID
|
| 41 |
+
```
|
| 42 |
+
|
| 43 |
+
### Step 8: Sign Your Commits
|
| 44 |
+
To sign a commit, you just need to add `-S` to your `git commit` command:
|
| 45 |
+
```bash
|
| 46 |
+
git commit -S -m "Your commit message"
|
| 47 |
+
```
|
| 48 |
+
|
| 49 |
+
### Step 9: Tell Git to Sign All Your Commits
|
| 50 |
+
If you want to sign all your commits by default, you can configure Git to do so:
|
| 51 |
+
```bash
|
| 52 |
+
git config --global commit.gpgsign true
|
| 53 |
+
```
|
| 54 |
+
|
| 55 |
+
### Step 10: Push Your Commit to GitHub
|
| 56 |
+
When you push your signed commit to GitHub, it should now show up as "Verified".
|
| 57 |
+
|
| 58 |
+
Remember to always keep your private key secure and never share it with anyone. If you forget your passphrase, you will lose access to anything encrypted with your private key, so keep it in a safe place.
|