Signing your git commits

Install GPG.

sudo apt-get update && sudo apt-get install gnupg -y

Generate a GPG key.

gpg --full-generate-key

The default prompts are probably sufficient, but choosing a larger key size (such as 4096 bits) probably won't hurt. Once the key is created, it is automatically added to your keyring as a trusted key.

Next, get your GPG key fingerprint.

gpg --fingerprint YOUR_GPG_KEY_NAME

Next, go into your Git project directory and configure it with your name, email, and GPG signing key.

git config user.name "YOUR_NAME"
git config user.email "YOUR_EMAIL"
git config user.signingkey YOUR_GPG_KEY_FINGERPRINT

You can sign your commits by adding the -S flag.

git commit -S

Or you can configure your project to sign your commits by default:

git config commit.gpgsign true

You can also add the --global flag to your git config commands to set the configuration globally instead of for just one project.

git config --global commit.gpgsign true
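
To confirm that commits really are being signed with the key you configured, the following added example (not part of the original post) audits the output of git log --format='%H %G? %GP' and reports every commit that is unsigned, has a bad signature, or was signed by a different key. It goes one step beyond the post by covering verification; the function names audit_signatures and sample_log, the sample commit hashes and the sample fingerprint are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag commits that are not validly signed by the expected key.
# Real-repo usage: git log --format='%H %G? %GP' | audit_signatures "$FPR"
#   %G? = signature status, %GP = fingerprint of the signer's primary key.
#   FPR is your key fingerprint as 40 hex characters with no spaces.

# Reads "<commit> <status> <fingerprint>" lines on stdin, prints one line per
# problem commit, and returns 0 only if every commit passes.
audit_signatures() {
    expected=$1
    failures=0
    while read -r commit status fpr; do
        [ -n "$commit" ] || continue
        case $status in
            G|U)  # good signature (U: good, but gpg has no trust set for the key)
                [ "$fpr" = "$expected" ] && continue
                echo "$commit signed by unexpected key $fpr" ;;
            N)     echo "$commit unsigned" ;;
            B)     echo "$commit BAD signature" ;;
            X|Y|R) echo "$commit expired or revoked signature/key ($status)" ;;
            *)     echo "$commit signature could not be checked ($status)" ;;
        esac
        failures=$((failures + 1))
    done
    [ "$failures" -eq 0 ]
}

# Constructed sample input: these hashes and fingerprints are made up.
SAMPLE_FPR=AAAA1111BBBB2222CCCC3333DDDD4444EEEE5555
sample_log() {
    cat <<EOF
1111111111111111111111111111111111111111 G $SAMPLE_FPR
2222222222222222222222222222222222222222 N
3333333333333333333333333333333333333333 G FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000
4444444444444444444444444444444444444444 B $SAMPLE_FPR
EOF
}

sample_log | audit_signatures "$SAMPLE_FPR" || echo "audit failed: see commits listed above"
```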

