Set Up a GPG Key for GitHub Commits
In today's digital world, ensuring the security and integrity of our data is of utmost importance. One way to achieve this is by using encryption and digital signatures. GnuPG (GPG) is a widely used open-source encryption software that provides cryptographic privacy and authentication for data communication. This article will guide you through the process of setting up GPG on both macOS and Linux systems.
Install GnuPG based on Operating System
```bash
# Install GnuPG: most Linux distributions come with GnuPG preinstalled.
# If it is not already installed, use your package manager to install it.
# On Ubuntu or Debian-based systems (pinentry is a virtual package there,
# so name a concrete implementation such as pinentry-curses):
sudo apt-get install gnupg pinentry-curses
# On Red Hat-based systems:
sudo dnf install gnupg pinentry
```
```bash
# Install Homebrew: Homebrew is a popular package manager for macOS.
# Open Terminal and run the following command to install Homebrew:
/bin/bash -c \
  "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
# Install GnuPG and pinentry-mac: once Homebrew is installed,
# run the following command to install GnuPG and pinentry-mac:
brew install gnupg pinentry-mac
```
Create or modify the following configuration files to set up GPG:
**~/.gnupg/gpg.conf**: Open the file and add the following lines:
**~/.gnupg/gpg-agent.conf**: Open the file and add the following lines:
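```
# Enables GPG to find gpg-agent
# (no effect since GnuPG 2.1, where the standard socket is always used)
use-standard-socket
# Connects gpg-agent to the OSX keychain via the brew-installed
# pinentry program from GPGtools. This is the OSX 'magic sauce',
# allowing the gpg key's passphrase to be stored in the login
# keychain, enabling automatic key signing.
# /opt/homebrew is the Homebrew prefix on Apple Silicon; on Intel Macs
# the binary is at /usr/local/bin/pinentry-mac.
pinentry-program /opt/homebrew/bin/pinentry-mac
```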
- User Profile configuration for GPG
**~/.bash_profile**: Open the file and add the following lines:
**~/.zprofile**: Open the file and add the following lines:
Generate GPG Keys
- Generate a key pair: Use the following command to generate your GPG key pair:
- Export the public key: Once the key pair is generated, you can export the public key using the key ID. Run the following command, replacing XXXXXX with your key ID:
The output will be your public key in ASCII-armored format, which can be shared with others.
Import an existing GPG key
Obtain the GPG key file: If you have the GPG key file (with a .asc or .gpg extension) from another source, make sure you have it available on your system.
Import the GPG key: Open your terminal and run the following command, replacing
with the path to your GPG key file:
The GPG key will be imported, and you will see the key details displayed in the terminal.
- Trust the imported key (optional): By default, imported keys are not trusted. If the key belongs to someone you trust, you can manually trust it. Run the following command, replacing
with the ID of the imported key (can be found in the output of the previous command):
- Verify the imported key: You can verify that the key has been successfully imported by running the command:
Configure Git to use GPG
To enable Git commit signing with your GPG key, run the following command, replacing
The SHORT key ID format shows the key ID in short form, right after the RSA algorithm.
4BF70A73 2021-09-08 [SC] [expires: 2037-09-04]
Restart the terminal: After making these configurations, it's recommended to restart the terminal for the changes to take effect.
- If you use Visual Studio Code, you can turn on signing by changing a setting.
Open VSCode, go to Preferences > Settings, and search for git.enableCommitSigning. Turn this setting on, and you’re good to go.
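An added example, not part of the original article: short key IDs are only 32 bits and can collide, so this script parses `gpg --list-secret-keys --with-colons` and sets `user.signingkey` to the full fingerprint of the first key that is not expired and can sign. The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: choose a Git signing key from gpg's machine-readable listing.
# Function names and the sample listing are constructed for illustration.

# Reads `gpg --list-secret-keys --with-colons` output on stdin and prints the
# fingerprint of the first secret key that is usable for signing.
# $1 (optional) is "now" in epoch seconds, so the check is reproducible.
pick_signing_fpr() {
    awk -F: -v now="${1:-$(date +%s)}" '
        $1 == "sec" {
            ok = 1
            if ($2 ~ /^[redi]$/) ok = 0             # revoked, expired, disabled, invalid
            if ($12 ~ /D/ || $12 !~ /[sS]/) ok = 0  # disabled, or no signing capability
            if ($7 ~ /^[0-9]+$/ && $7 + 0 <= now + 0) ok = 0  # expiry already passed
            next
        }
        $1 == "fpr" && ok { print $10; exit }       # first fpr after sec is the primary key
    '
}

# Points Git at the chosen key. $1 = fingerprint, $2 = scope (default --global).
configure_git_signing() {
    scope=${2:---global}
    git config "$scope" user.signingkey "$1" &&
    git config "$scope" commit.gpgsign true
}

# Constructed sample listing: an expired key, a key with no signing
# capability, and one usable signing key.
sample_listing() {
    cat <<'EOF'
sec:e:4096:1:AAAA0000AAAA0001:1500000000:1600000000::u:::scESC:::+:::23::0:
fpr:::::::::111111111111111111111111AAAA0000AAAA0001:
sec:u:4096:1:BBBB0000BBBB0002:1631059200:::u:::cEC:::+:::23::0:
fpr:::::::::222222222222222222222222BBBB0000BBBB0002:
ssb:u:4096:1:BBBB0000BBBB00F2:1631059200::::::e:::+:::23:
sec:u:4096:1:CCCC0000CCCC0003:1631059200:2135600000::u:::scESC:::+:::23::0:
fpr:::::::::333333333333333333333333CCCC0000CCCC0003:
EOF
}

# Real use: run this script with --apply to configure Git from your own keyring.
if [ "${1:-}" = "--apply" ]; then
    fpr=$(gpg --list-secret-keys --with-colons | pick_signing_fpr) &&
        [ -n "$fpr" ] && configure_git_signing "$fpr"
fi
```

Running `sample_listing | pick_signing_fpr` shows the selection logic without touching your keyring or your Git configuration.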
Test GPG Setup
To test your GPG setup, you can encrypt and decrypt a message. Run the following command, replacing
If everything is set up correctly, you should see the decrypted message "test" printed in the terminal.
Congratulations! You have successfully set up GPG on your macOS or Linux system. You can now use GPG for encryption, decryption, and signing of sensitive data, providing an extra layer of security to your digital communication. Remember to keep your private key secure and never share it with anyone.
Created: June 17, 2023 21:48:54