DEV Community

amogh2019
amogh2019

Posted on

GPG keys to display your commits with green tick!

Ref : https://docs.github.com/en/authentication/managing-commit-signature-verification

Managing commit signature verification
GitHub will verify GPG, SSH, or S/MIME signatures so other people will know that your commits come from a trusted source. GitHub will automatically sign commits you make using the GitHub web interface.

considering setup is from scratch

  • $ gpg --full-generate-key
  • 4096 length // 0 for no expiry // some passphrase
  • add your github account email only // use the no reply email if you are keeping email private
  • once generated, test if key is present // gpg --list-secret-keys --keyid-format=long
  • get the actual key using key id (from the above listing) // gpg --armor --export thekeyid(look for sec rsa4096/{id})
  • Copy your GPG key, beginning with -----BEGIN PGP PUBLIC KEY BLOCK----- and ending with -----END PGP PUBLIC KEY BLOCK-----.
  • add to github>settings>access>GPG key
  • tell git on local machine to sign commits using the gpg key created above // follow in 3rd part of this series i.e. next article

Top comments (0)