# List selected key
gpg --list-keys KEY_ID
# List all keys in long format
gpg --list-keys --keyid-format LONG
3. Export the Public key to
Copy the output to your github account
gpg --armor --export KEY_ID
4. Edit your .gitconfig
Command:
git config --global --edit
Insert the following information
[user]
name = YOUR_NAME # Should be same as your commit name
email = YOUR_EMAIL # Should be same as your GitHub verification email and GPG uid email
signingkey = YOUR_SIGNING_KEY # your KEY_ID that you want to use
[gpg]
program = GPG_BINARY_PATH # usually in "/usr/local/bin/gpg"
[commit]
gpgsign = true
5. Set up your shell
Add this line to your shell startup file
export GPG_TTY=$(tty)
Useful command
Edit the existing GPG key
gpg --edit-key KEY_ID
gpg> adduid #Add a new uid on your key
gpg> uid 1 #Select the uid 1
gpg> revuid #Revoke the selected uid from the key
gpg> save #Save the modification
Test your GPG key
You may run this command first before using GitHub Desktop to commit anything. Since GitHub Desktop CANNOT pop up the GPG key passphrase input dialog, you need this command to unlock the GPG key first. After that, GitHub Desktop can sign your commits with your GPG key without asking for the passphrase.
Here is a short guide that will help you set up your environment to create signed commits or signed tags with Git locally. This has been extensively tested on Windows with Git and the Github Desktop application: I use it every day for my professional development projects.
If you face any issue, feel free to leave a comment below.
Generate a GPG key and add it to Github: https://help.github.com/articles/generating-a-new-gpg-key (if you don’t want to type a passphrase on every commit, you need to press “Enter” when the console prompts you to type a passphrase)
Open the .gitconfig configuration file by typing git config --global --edit in a terminal (since this file can exist in different places depending on your operating system, this command lets the git binary locate it and open it in your default editor)
Configure Git by replacing GITHUB_EMAIL, SIGNING_KEY and GPG_BINARY_PATH with your own data:
GPG_BINARY_PATH: the GPG binary file path depending on your Git install and your operating system:
Windows: gpg, gpg.exe or C:\\Program Files\\Git\\usr\\bin\\gpg.exe (can be found using where gpg in a terminal)
Some systems may contain multiple gpg binaries; in this case you can run the following command in PowerShell to use the most appropriate one: git config --global gpg.program $(Resolve-Path (Get-Command gpg | Select-Object -Expand Source) | Select-Object -Expand Path)
Mac or Linux: gpg or /usr/local/bin/gpg (can be found using which gpg in a terminal)
Enjoy signed commits with your favorite code editor, Github Desktop application, and even command line using git commit -S -m "Commit message" 🎉
Key passphrase
In order for GPG to automatically store your key passphrase (even empty), so you don’t have to enter it every time you sign a commit, Github recommends using the following tools:
This is necessary to let GPG launch the gpg-agent as a system daemon when signing commits.
Disable signatures
If you want to temporarily pause GPG signatures for your commits or tags, just set gpgsign = false in your .gitconfig configuration file with git config --global commit.gpgsign false (for commits) or git config --global tag.gpgsign false (for tags).
Renew a GPG key
If the key you have defined in the .gitconfig configuration file has expired, you can’t sign commits anymore. You can easily renew it by following these steps:
list the secret keys with gpg --list-secret-keys
edit the key you want to renew with gpg --edit-key SIGNING_KEY (the GPG key used to sign commits, as defined in your .gitconfig configuration file)
gpg prompt is ready: you should see gpg>
type expire to select a new expiration delay and confirm
type trust to trust the selected key as “ultimate” (this step is not needed if your current key is already trusted as an “ultimate” key)
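An expired signing key only shows up when a commit fails, so it helps to check the expiry date ahead of time. The following is an added example, not part of the original guide: it parses the machine-readable output of gpg --list-keys --with-colons and classifies a key. The function name key_status and the sample key IDs are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a key from `gpg --list-keys --with-colons` output.
# Usage: <colon listing on stdin> | key_status KEY_ID NOW_EPOCH [WARN_DAYS]
# KEY_ID may be a short ID, long ID or fingerprint (hex, no 0x prefix).
key_status() {
    awk -F: -v id="$1" -v now="$2" -v warn="${3:-30}" '
        # True when the shorter of a and b is a suffix of the longer one.
        function tail_match(a, b,    la, lb) {
            la = length(a); lb = length(b)
            if (la >= lb) return substr(a, la - lb + 1) == b
            return substr(b, lb - la + 1) == a
        }
        # pub/sub records: $2 validity, $5 long key ID, $7 expiry (epoch seconds)
        id != "" && ($1 == "pub" || $1 == "sub") &&
        tail_match(toupper($5), toupper(id)) {
            found = 1
            if ($2 == "r")                      print "revoked"
            else if ($2 == "e")                 print "expired"
            else if ($7 == "")                  print "no-expiry"
            else if ($7 + 0 <= now + 0)         print "expired"
            else if ($7 - now <= warn * 86400)  print "expires-soon"
            else                                print "ok"
            exit
        }
        END { if (!found) print "not-found" }
    '
}

# Constructed sample listing (placeholder key IDs, not real keys).
SAMPLE='pub:u:4096:1:AAAAAAAAAAAAAAAA:1600000000:1700000000::u:::scESC::::::23::0:
sub:u:4096:1:BBBBBBBBBBBBBBBB:1600000000::::::e::::::23:
pub:e:4096:1:CCCCCCCCCCCCCCCC:1500000000:1600000000::u:::sc::::::23::0:'

# Demo on the sample: about 11.6 days left with a 14-day warning window.
printf '%s\n' "$SAMPLE" | key_status AAAAAAAAAAAAAAAA 1699000000 14

# Live use (requires gpg and git):
#   id=$(git config user.signingkey)
#   gpg --list-keys --with-colons "$id" | key_status "$id" "$(date +%s)"
```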
run `git config --global gpg.program gpg2`, to make sure git uses gpg2 and not gpg
run `echo "test" | gpg2 --clearsign`, to make sure gpg2 itself is working
If that all looks all right, one next thing to try:
run `brew install pinentry` to ensure you have a good tool installed for passphrase entry
If after that install you re-try git commit and still get the "failed to sign the data" error:
run `gpgconf --kill gpg-agent` to kill any running agent that might be hung
If that says gpgconf isn’t installed or doesn’t have a `--kill` option, you might try this:
`cp -Rp ~/.gnupg ~/.gnupg-GOOD` to save a copy of your `~/.gnupg` to revert to later if needed
`brew install gnupg21` to install `GnuPG 2.1`
The reason for saving a copy of your `~/.gnupg` dir is that GnuPG 2.1 potentially creates/changes some key data in a way that isn’t backward-compatible with GnuPG 2.0 and earlier, so if you want to go back later, you can do `mv ~/.gnupg ~/.gnupg21 && mv ~/.gnupg-GOOD ~/.gnupg`.
Otherwise there are some basic steps to run to check you’ve got a working GnuPG environment:
run `gpg2 -K --keyid-format SHORT`, to check that you have at least one key pair
If the output of that shows you have no secret key for GnuPG to use, then you need to create one:
run `gpg2 --gen-key`, to have GnuPG walk you through the steps for creating a key pair
After enabling “Keep my email addresses private” on GitHub, the old commits in each repo still retain your old commit email. You may want to change all of the commit emails to your GitHub “no-reply” email. You may use the following method.
You can insert “.patch” at the end of the commit weblink to view the raw information of your commit. Here is the Example.
Procedure
1. Download the git repo in bare mode
git clone --bare https://github.com/user/REPO.git
cd REPO.git
2. Create the change_email.sh file
vim change_email.sh
Copy the following lines and set the OLD_EMAIL, CORRECT_NAME and CORRECT_EMAIL fields to your old Git email, your Git name and the new email you want to use
#!/bin/sh
git filter-branch --env-filter '
OLD_EMAIL="your-old-email@example.com"
CORRECT_NAME="Your Correct Name"
CORRECT_EMAIL="your-correct-email@example.com"
if [ "$GIT_COMMITTER_EMAIL" = "$OLD_EMAIL" ]
then
export GIT_COMMITTER_NAME="$CORRECT_NAME"
export GIT_COMMITTER_EMAIL="$CORRECT_EMAIL"
fi
if [ "$GIT_AUTHOR_EMAIL" = "$OLD_EMAIL" ]
then
export GIT_AUTHOR_NAME="$CORRECT_NAME"
export GIT_AUTHOR_EMAIL="$CORRECT_EMAIL"
fi
' --tag-name-filter cat -- --branches --tags
3. Run the change_email.sh file
sh ./change_email.sh
4. Review the changes
Check the commit emails to confirm that the fix was applied.
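One way to carry out this review, as an added example that is not part of the original procedure: the function below (audit_commits, a name chosen here) reads git log output and reports every commit that still carries the old email. Rewritten commits are new objects, so signatures made on the originals do not carry over; the %G? signature-status column makes that visible in the same pass. The sample log lines are constructed.

```shell
#!/bin/sh
# Added example: audit history after the email rewrite.
# Input on stdin: one commit per line, as produced by
#   git log --all --format='%H|%ae|%ce|%G?'
# %G? is the signature status: G good, N none, B bad, E cannot be checked, ...
# Returns non-zero when any commit still uses the old email.
audit_commits() {
    awk -F'|' -v old="$1" '
        {
            issue = ""
            if ($2 == old || $3 == old) { issue = "old-email"; stale++ }
            if ($4 == "N")      { issue = issue (issue ? "," : "") "unsigned"; unsigned++ }
            else if ($4 != "G") { issue = issue (issue ? "," : "") "sig-" $4 }
            if (issue) print substr($1, 1, 12), issue
        }
        END {
            printf "summary stale=%d unsigned=%d total=%d\n", stale, unsigned, NR
            exit (stale > 0)
        }
    '
}

# Constructed sample (placeholder hashes and addresses, not real commits).
SAMPLE_LOG='1111111111111111111111111111111111111111|new@users.noreply.example|new@users.noreply.example|N
2222222222222222222222222222222222222222|your-old-email@example.com|new@users.noreply.example|N
3333333333333333333333333333333333333333|new@users.noreply.example|new@users.noreply.example|G'

# Demo on the sample: the second commit still has the old author email.
printf '%s\n' "$SAMPLE_LOG" | audit_commits "your-old-email@example.com" ||
    echo "history still contains the old email"

# Live use inside the rewritten repository (requires git):
#   git log --all --format='%H|%ae|%ce|%G?' | audit_commits "your-old-email@example.com"
```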