Generating a GPG key for your GitHub account

SpiffyEight77

Posted on June 11, 2023

What is GPG

GPG (GNU Privacy Guard) is open-source software for encrypting and signing data. It uses asymmetric cryptography, in which each key pair has two parts: a public key and a private key. Data encrypted with the public key can be decrypted only by the holder of the private key. The private key is used to create digital signatures, which prove that the data comes from the stated sender and has not been tampered with.

Why use GPG to protect your Git commits

Git has no default mechanism for authenticating who made a commit, so commits can be impersonated. Anyone who knows your name and email address can create commits in a Git repository that appear to be yours, which can damage your reputation or lead to improper behavior in your name.

To avoid this, you can use GPG signatures to authenticate Git commits.

Set up GPG on macOS

Install GPG

brew install gnupg

Generate key pair

Accept the default at every step.

gpg --full-generate-key --expert

Please select what kind of key you want:
   (1) RSA and RSA
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
   (7) DSA (set your own capabilities)
   (8) RSA (set your own capabilities)
   (9) ECC (sign and encrypt) *default*
  (10) ECC (sign only)
  (11) ECC (set your own capabilities)
  (13) Existing key
  (14) Existing key from card
Your selection?

Export key

Check the existing keys

gpg --list-secret-keys --keyid-format LONG

gpg: checking the trustdb
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
[keyboxd]
---------
sec   ed25519/XXXXXXXXXXXX 2023-05-28 [SC]
      XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
uid                 [ultimate] SpiffyEight77
ssb   cv25519/XXXXXXXXXXXX 2023-05-28 [E]

Export the public key

gpg --armor --export XXXXXXXXXXXX

Then paste it into GitHub's SSH and GPG keys settings.

Set the environment variable in the shell

echo 'export GPG_TTY=$(tty)' >> ~/.zshrc && source ~/.zshrc

Allow git to use the GPG key for signing

git config --global user.signingkey XXXXXXXXXXXXX

git config --global commit.gpgsign true
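
A check to run once signing is enabled, added here as an example and not part of the original post: it lists every commit whose signature status (`%G?` in `git log`) is anything other than `G`. The function names are hypothetical, and the throwaway repository and author identity are constructed for the demonstration.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): audit a repository for commits
# that do not carry a good GPG signature. Function names are hypothetical.

# Print "<status> <short hash> <author email> <subject>" for every commit in
# repository $1 (revision range $2, default HEAD) whose signature status is
# not G. git's %G? placeholder yields G (good), B (bad), U (good, unknown
# validity), X/Y (expired signature/key), R (revoked key), E (cannot be
# checked, e.g. missing public key) or N (no signature).
unverified_commits() {
  git -C "$1" log --format='%G? %h %ae %s' "${2:-HEAD}" | awk '$1 != "G"'
}

# Succeed only when every commit in the range has a good signature.
all_commits_signed() {
  [ -z "$(unverified_commits "$@")" ]
}

# Constructed sample: a throwaway repository holding one unsigned commit.
# The author name and email are free text supplied with -c, which is why the
# author fields alone say nothing about who made the commit.
make_demo_repo() {
  demo_dir=$(mktemp -d)
  git -C "$demo_dir" init -q
  git -C "$demo_dir" -c user.name='Constructed Author' \
      -c user.email='someone@example.com' -c commit.gpgsign=false \
      commit -q --allow-empty -m 'unsigned commit'
  printf '%s\n' "$demo_dir"
}

repo=$(make_demo_repo)
unverified_commits "$repo"
all_commits_signed "$repo" || echo "unsigned or unverifiable commits found"
rm -rf "$repo"
```

In your own repository, commits signed with the key configured above should drop out of this list; `git log --show-signature` prints the full GPG verification output for each commit.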

Export for backup (optional)

Export the public and secret keys for backup, and keep the files in a safe place.

gpg --armor --output gpg_pub_key.gpg --export XXXXXXXXXXX
gpg --armor --output gpg_sec_key.gpg --export-secret-keys XXXXXXXXXXX