Get gpg Program on Windows
- using scoop:
scoop install gpg
- also comes with git-bash: /bin/gpg
To change pin entry dialog language set user environment variable LANG to en:
- Win+R, rundll32.exe sysdm.cpl,EditEnvironmentVariables
- Control Panel / User Accounts / Change my environment variables
Generate GPG Key
- Run command:
gpg --full-generate-key
- Enter key options
- Enter signer info:
- name
- email (GitHub verified, or GitHub no-reply)
- comment
- Get key id (used to configure git):
gpg --list-secret-keys --keyid-format long
- find a section of the key by name, email
- on the top row:
sec ed25519/<key id> <date>
- Generate public key (used on GitHub):
gpg --armor --export <key id>
NOTE: to make keys work on Linux, add export GPG_TTY=$(tty) to .bashrc or .profile
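Reading the key id off the listing by eye can also be scripted. The following is an added example, not part of the original notes: it parses gpg's machine-readable `--with-colons` listing instead of the human-readable one shown above, and skips expired or revoked keys. The function name, the sample listing and the e-mail addresses are constructed for illustration.

```shell
#!/bin/sh
# Print the long key id of every usable secret key whose user ID contains the
# given e-mail address. Expects the output of
#   gpg --list-secret-keys --with-colons
# on stdin (hypothetical helper name, not a gpg or git command).
signing_key_for_email() {
    awk -F: -v want="<$1>" '
        # sec record: field 2 is the validity, field 5 is the long key id
        $1 == "sec" { keyid = $5; usable = ($2 != "r" && $2 != "e"); next }
        # uid record: field 2 is the validity, field 10 is "Name (comment) <email>"
        $1 == "uid" && usable && $2 != "r" && index(tolower($10), tolower(want)) {
            print keyid
            usable = 0   # print each key once, even if several uids match
        }
    '
}

# Constructed sample listing (made-up key ids, no real keys):
# one valid key, one expired key with the same e-mail, one key for another user.
sample_listing() {
cat <<'EOF'
sec:u:255:22:1111222233334444:1700000000:::u:::scESC:::+::ed25519:::0:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF1111222233334444:
uid:u::::1700000000::0000000000000000000000000000000000000000::Alice Example (work) <alice@example.com>::::::::::0:
ssb:u:255:18:5555666677778888:1700000000::::::e:::+::cv25519::
sec:e:255:22:9999AAAABBBBCCCC:1600000000:1650000000::u:::sc:::+::ed25519:::0:
uid:e::::1600000000::0000000000000000000000000000000000000000::Alice Example <alice@example.com>::::::::::0:
sec:u:255:22:DDDDEEEEFFFF0000:1700000000:::u:::scESC:::+::ed25519:::0:
uid:u::::1700000000::0000000000000000000000000000000000000000::Bob Example <bob@example.com>::::::::::0:
EOF
}

# Real use (needs gpg and a git repository):
#   id=$(gpg --list-secret-keys --with-colons | signing_key_for_email you@example.com)
#   git config --local user.signingkey "$id"
```

If the function prints more than one id, several valid keys carry that e-mail and one has to be chosen explicitly.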
Configure git
Now configure git with info about:
- who signs (GitHub email)
- with what key (key id)
- with what program (optional; only needed if the default program is not the one that generated the key)
Something like this:
git config --local user.email <email>
git config --local user.signingkey <key id>
git config --global gpg.program <path to gpg executable>
or use conditional git config
To verify git config:
git config -l --local
git config -l --show-scope --show-origin
NOTE:
- it’s written to add commit.gpgsign and tag.gpgSign, but without them commits are also signed (I guess it’s for more control over what to sign and what not)
- to explicitly sign a commit pass:
git commit -Sm "..."
- to debug commit signing:
GIT_TRACE=1 git commit ...
Add GPG Key to GitHub
- Go to GitHub new GPG key settings page
- Paste the complete public key, like:
-----BEGIN PGP PUBLIC KEY BLOCK----- ... -----END PGP PUBLIC KEY BLOCK-----