This manual is for macOS (tested on Big Sur)
- Install the GNU version of GPG (GnuPG) for macOS
brew install gnupg
brew install pinentry-mac
1.1. Find pinentry-mac installation path
% which pinentry-mac
/opt/homebrew/bin/pinentry-mac
1.2. Setup pinentry
cat >> ~/.gnupg/gpg-agent.conf << EOF_
pinentry-program /opt/homebrew/bin/pinentry-mac
EOF_
1.3. Restart gpg-agent (signal 1 is SIGHUP, which makes gpg-agent re-read its configuration file)
killall -1 gpg-agent
- Generate private and public part of key
gpg --gen-key
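Enter the passphrase twice (the author leaves it empty so that PyCharm can sign commits; an empty passphrase stores the private key unprotected on disk, so where possible set a passphrase and let pinentry-mac and gpg-agent prompt for and cache it)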
- Print out keys list
gpg --list-secret-keys --keyid-format LONG
/Users/dmitriev/.gnupg/pubring.kbx
----------------------------------
sec rsa3072/5B34A94A1139F75E 2021-03-04 [SC] [ годен до: 2023-03-04]
B15A5B729A67752D7AA0F5645B34A94A1139F75E
uid [ абсолютно ] Ilia Dmitriev <your.email.address@gmail.com>
ssb rsa3072/318B84706760C3D7 2021-03-04 [E] [ годен до: 2023-03-04]
- add this key to git config
git config --global user.signingkey <key id>
git config --global user.signingkey 5B34A94A1139F75E
- add the GPG_TTY variable to your shell; this variable points to your tty
echo 'export GPG_TTY=$(tty)' >> ~/.zshrc
source ~/.zshrc
env | grep GPG_TTY
- print out the public part of the key (only the public key is exported by this command; never upload the secret key)
gpg --armor --export your.email.address@gmail.com
- add the public key to your GitHub settings
- https://github.com/settings/keys
- press the "New GPG key" button
- paste your public key and press "Add GPG key"
- use the `-S` option to sign your commit explicitly
git commit -S -m 'Signed commit'
- show signature in commit log
git log --show-signature
- show the signature of a specific commit
git show <commit id> --show-signature
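- disable tty and activate agent daemon (note: GnuPG reads its options from ~/.gnupg/gpg.conf; the file name pgp.conf in the command below looks like a typo, in which case these options would not take effect — check which file your gpg actually reads)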
cat >> ~/.gnupg/pgp.conf << _EOF
no-tty
use-agent
_EOF
- to cache the key passphrase in gpg-agent, run this once
gpg --status-fd=2 -bsau <keyid> << _EOF
Test message
_EOF
Enter pass phrase
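- mark the key as ultimately trusted (the `5` answers the trust-level prompt); do this only for a key you generated yourself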
(echo 5; echo y; echo save) | gpg --command-fd 0 --no-tty --no-greeting -q --edit-key <key id> trust
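- remove the passphrase from the key (optional; without a passphrase, anyone who can read the files in ~/.gnupg can sign commits as you)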
(echo save) | gpg --command-fd 0 --no-tty --no-greeting -q --edit-key <key id> passwd
- enable all commit signing
git config --global commit.gpgsign true