
GPG.md


How to set up PGP commit signing with git/GitHub

This manual is for macOS (tested on Big Sur).

Installation

  1. Install the GNU version of GPG (GnuPG) for macOS
brew install gnupg
brew install pinentry-mac

1.1. Find the pinentry-mac installation path

% which pinentry-mac  
/opt/homebrew/bin/pinentry-mac

1.2. Set up pinentry

cat >> ~/.gnupg/gpg-agent.conf << EOF_
pinentry-program /opt/homebrew/bin/pinentry-mac
EOF_

1.3. Restart gpg-agent

killall -1 gpg-agent
  1. Generate the private and public parts of the key
gpg --gen-key

Enter the passphrase twice (leave it empty for PyCharm to work; an empty passphrase means the private key is stored unencrypted on disk).

  1. Print out the key list
gpg --list-secret-keys --keyid-format LONG
/Users/dmitriev/.gnupg/pubring.kbx
----------------------------------
sec   rsa3072/5B34A94A1139F75E 2021-03-04 [SC] [   годен до: 2023-03-04]
      B15A5B729A67752D7AA0F5645B34A94A1139F75E
uid               [  абсолютно ] Ilia Dmitriev <your.email.address@gmail.com>
ssb   rsa3072/318B84706760C3D7 2021-03-04 [E] [   годен до: 2023-03-04]
  1. Add this key to the git config (git config --global user.signingkey <key id>)
git config --global user.signingkey 5B34A94A1139F75E
  1. Add the GPG_TTY variable to your shell; this variable points to your tty
echo 'export GPG_TTY=$(tty)' >> ~/.zshrc
source ~/.zshrc
env | grep GPG_TTY
  1. Print out the public key part
gpg --armor --export your.email.address@gmail.com
  1. Add the public key part to your GitHub settings

Git command line usage

  1. Use the -S option to sign your commit explicitly
git commit -S -m 'Signed commit'
  1. Show signatures in the commit log
git log --show-signature
  1. Show the signature of a specific commit
git show <commit id> --show-signature
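
To audit a whole branch instead of reading `git log --show-signature` by eye, the script below classifies git's `%G?` signature status for each commit and flags anything that is not a good signature from the expected key. It is an added example, not part of the original manual; the sample input and commit hashes are constructed, and the key id is the one from the key listing above.

```shell
#!/bin/sh
# Added example (not from the original manual): audit commit signatures.
# Input: lines "<commit> <status> <key id>" as printed by
#   git log --format='%H %G? %GK'
# Assumption: commits are signed with the primary key, as in the listing
# above ([SC] primary, [E] subkey); with a signing subkey %GK is the subkey id.

# Print one finding per commit that is not a good signature from key $1.
# Returns 1 if there was any finding, 0 otherwise.
audit_signatures() {
    awk -v want="$1" '
        function reason(status, key) {
            if (status == "N") return "no signature"
            if (status == "B") return "bad signature"
            if (status == "E") return "cannot check (public key missing)"
            if (status == "X") return "signature expired"
            if (status == "Y") return "signed by expired key"
            if (status == "R") return "signed by revoked key"
            if (key != want)   return "signed by unexpected key " key
            if (status == "U") return "good signature, key not trusted locally"
            if (status != "G") return "unknown status " status
            return ""
        }
        NF >= 2 {
            why = reason($2, $3)
            if (why != "") { printf "%.12s %s\n", $1, why; bad++ }
        }
        END { exit (bad > 0) }
    '
}

# Constructed sample input; the hashes are placeholders, not real commits,
# and AAAAAAAAAAAAAAAA is a made-up key id.
sample_log() {
    cat <<'EOF'
1111111111111111111111111111111111111111 G 5B34A94A1139F75E
2222222222222222222222222222222222222222 N
3333333333333333333333333333333333333333 U 5B34A94A1139F75E
4444444444444444444444444444444444444444 G AAAAAAAAAAAAAAAA
EOF
}

# In a real repository, replace sample_log with:
#   git log --format='%H %G? %GK'
sample_log | audit_signatures 5B34A94A1139F75E || echo "audit failed: see findings above"
```

A `U` status for your own key means the signature verified but the key has no trust assigned in the local keyring.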

PyCharm/IntelliJ IDEA

  1. Disable tty and activate the agent daemon
cat >> ~/.gnupg/gpg.conf << _EOF
no-tty
use-agent
_EOF
  1. To cache the key passphrase, run once
gpg --status-fd=2 -bsau <keyid> << _EOF
Test message
_EOF

Enter the passphrase.

  1. Make the key trusted
(echo 5; echo y; echo save) | gpg --command-fd 0 --no-tty --no-greeting -q --edit-key <key id> trust
  1. Remove the password from the key
(echo save) | gpg --command-fd 0 --no-tty --no-greeting -q --edit-key <key id> passwd
  1. Enable signing for all commits
git config --global commit.gpgsign true