Install GPG.
sudo apt-get update && sudo apt-get install gnupg -y
Generate a GPG key.
gpg --full-generate-key
The default prompts are probably sufficient, but choosing a larger key size (such as 4096 bits) probably won't hurt. Once the key is created, it is automatically added to your keyring as a trusted key.
Next, get your GPG key fingerprint.
gpg --fingerprint YOUR_GPG_KEY_NAME
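Next, go into your Git project directory and configure it with your name, email, and GPG signing key. gpg prints the fingerprint in space-separated groups; pass it to git as a single argument with the spaces removed.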
git config user.name YOUR_NAME
git config user.email YOUR_EMAIL
git config user.signingkey YOUR_GPG_KEY_FINGERPRINT
You can sign your commits by adding the -S flag.
git commit -S
Or you can configure your project to sign your commits by default:
git config commit.gpgsign true
You can also add the --global flag to your git config commands to set the configuration globally instead of for just one project.
git config --global commit.gpgsign true
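A check to run once signing is configured, added here as an example and not part of the original page: it reads the output of git log --format='%G? %h %ae' and lists every commit whose signature is missing or does not verify. The function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: list commits whose signature is missing or does not verify.
# Real use, from inside a repository:
#   git log --format='%G? %h %ae' | audit_signatures
# %G? is git's one-letter signature status; %h and %ae are the abbreviated
# hash and the author email.

# Constructed sample of that output (hashes and addresses are made up).
sample_log() {
cat <<'EOF'
G 1111111 alice@example.com
N 2222222 bob@example.com
G 3333333 alice@example.com
B 4444444 erin@example.com
E 5555555 carol@example.com
U 6666666 dave@example.com
EOF
}

# Reads "%G? %h %ae" lines on stdin, prints one line per commit that is not a
# good signature from a trusted key, and returns 1 if any such commit exists.
audit_signatures() {
  awk '
    BEGIN {
      why["N"] = "no signature"
      why["B"] = "bad signature"
      why["E"] = "signature cannot be checked (e.g. missing public key)"
      why["U"] = "good signature, but key validity unknown in this keyring"
      why["X"] = "good signature that has expired"
      why["Y"] = "good signature made by an expired key"
      why["R"] = "good signature made by a revoked key"
    }
    NF == 0   { next }                       # skip blank lines
    $1 == "G" { next }                       # good signature, trusted key
    {
      bad++
      msg = ($1 in why) ? why[$1] : "unrecognised status " $1
      print $2 " " $3 ": " msg
    }
    END { exit (bad > 0) }
  '
}

sample_log | audit_signatures || true        # demo run on the sample above
```

Commits signed with your own key show as G on your machine; on a machine that has your public key but has not marked it as trusted they show as U.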