how2: Using GPG on macOS without GPGTools
Wes Souza
Feb 22
Originally published at
Medium
on
Jan 15, 2019
ć»2 min read
I donāt like GPGTools. I want GPG on macOS. Every tutorial has some obsolete part. Hereās what I did.
GPGTools installs a lot of things that I donāt want to use. I just want to sign my commits on GitHub and save my GPG key in macOS keychain.
There are two main dependencies to achieve that, gnupg contains the GPG tools to generate keys and sign things, as well as an agent to do agent things; and pinentry-mac which is the part of GPGTools that prompts for your key password and stores it on the OS keychain.
GPG Setup
Before anything, install homebrew.
After that, install the dependencies:
brew install gnupg pinentry-mac
Then, letās generate your first key. I recommend using RSA and RSA, a key size of 4096, and not having the key expire. Remember to choose a strong password.
gpg --full-generate-key
Now you need to configure gpg-agent to use pinentry-mac by creating a file ~/.gnupg/gpg-agent.conf:
# Connects gpg-agent to the OSX keychain via the brew-installed
# pinentry program from GPGtools. This is the OSX 'magic sauce',
# allowing the gpg key's passphrase to be stored in the login
# keychain, enabling automatic key signing.
pinentry-program /usr/local/bin/pinentry-mac
Then, sign a test message so pinentry-mac can store your password in the keychain:
echo "test" | gpg --clearsign
This should open a dialog prompting your password. Remember to check āSave in Keychainā.
Connecting to GitHub
First, copy your private key to add to GitHub:
gpg --export --armor your@email.here | pbcopy
And paste it in GitHubās Settings > SSH and GPG keys > New GPG key.
Second, configure your git environment to use signed commits. Iāve done it globally. First obtain your public GPG keys:
$ gpg --list-secret-keys
(...)
sec rsa2048 2019-01-15 [SC]
YOUR_GPG_KEY_APPEARS_HERE
uid [ultimate] Your Name <your@email.here>
ssb rsa2048 2019-01-15 [E]
Then configure git:
git config --global commit.gpgsign true
git config --global user.signingkey YOUR_GPG_KEY
And finally, commit something with the-S argument to make sure itās signed:
git commit -S -m "Testing GPG signature"
Troubleshooting
Things you can try if things are not working:
# Kill gpg-agent
killall gpg-agent
# Run gpg-agent in daemon mode
gpg-agent --daemon
Cover photo by Micah Williams on Unsplash.
Sore eyes?
dev.to now has dark mode.
Select night theme in the "misc" section of your settings ā¤ļø
WesleydeSouza
WesSouza
wes.dev
59
61
Trending on 
Automated Jenkins builds on GitHub pull request
Push git cloned repository to your own on GitHub
Would anyone be interested if I started a video series on Dev.to?
To comment or not to comment?
How do Devs spend their weekends?
Why Clean Code is Empathetic Code
Writing Good Source Control Commit Messages
Why you should not use (long-lived) feature branches
Auth With Twitter
Auth With GitHub