
Git: Secure Committing with GPG

· Git

Introduction

Signing your commits lets anyone who holds your public key verify that a commit was produced by the holder of your private key, rather than trusting the freely editable author and committer fields. The steps below set up GPG key signing for Git and register the key with your forge so signed commits are shown as verified.

Step 1: Install Necessary Packages

Start by installing the required packages, GnuPG and pinentry (pinentry is what prompts for your passphrase; the command below is for Arch Linux's pacman, use your distribution's package manager otherwise):

sudo pacman -S gnupg pinentry

Step 2: Generate a GPG Keypair

Generate a GPG keypair with the following command. Follow the prompts and enter information consistent with your GitHub/GitLab/Codeberg/Gitea account:

gpg --full-generate-key

Step 3: Retrieve the Public Key

Get your GPG key’s information using the following command:

gpg --list-secret-keys --keyid-format LONG

Copy the key ID from the sec line (the 16 hex digits after the slash; ignore the ssb lines, which are subkeys). Now export the public key in ASCII-armored form:

gpg --armor --export <GPG_KEY_ID>

Copy the displayed GPG Public key.

Step 4: Add GPG Key to Your Account

The steps are essentially the same on GitHub, GitLab, Codeberg and Gitea: log in, open the GPG keys section of your account settings, and paste the exported public key block, including its BEGIN and END lines.

Step 5: Verify Your Public GPG Key

Some forges (Gitea and Codeberg, for example) show a "Verify" button next to a newly added key: copy the command it displays, run it in your terminal, and paste the signed output back into the verification field; the key is then marked as verified. GitHub and GitLab have no separate verification step and accept the key as soon as it is added, provided a UID on the key matches a verified e-mail address on your account.

Step 6: TTY Session

Before proceeding, make sure gpg knows which terminal to use for the passphrase prompt; without this, signing from the shell fails with an error such as "Inappropriate ioctl for device". Add the following to ~/.zshrc (or ~/.bashrc) and open a new shell:

export GPG_TTY=$(tty)

Step 7: Git Configuration Setup

Configure Git to use your GPG key:

git config --global user.signingkey <GPG_KEY_ID>
git config --global commit.gpgSign true

Replace <GPG_KEY_ID> with the key ID copied in Step 3. With commit.gpgSign set to true, every commit is signed without further flags.

Step 8: Commit a Message

When committing (the -S flag is redundant once commit.gpgSign is true, but harmless), pinentry prompts for the passphrase of your GPG key; gpg-agent caches it for a while, so not every commit asks:

git commit -S -m "commit message"

Before pushing, check that the signature verifies locally. The forge marks the commit as verified only when the signature was made by the private half of the key you uploaded and the committer e-mail on the commit matches a UID on that key.
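The whole procedure, run end to end, as an added example that is not part of the original article: it generates a throwaway signing key unattended in a temporary GNUPGHOME, configures a temporary repository per Step 7, makes one signed commit, and then performs the two checks a forge performs before showing a "Verified" badge (good signature, and a key UID matching the committer e-mail). It assumes gpg 2.1 or newer, gpgconf, git and awk are on PATH; the key name, e-mail and repository contents are made up for the demo, and the key has no passphrase, so the GPG_TTY step is not exercised.

```sh
#!/bin/sh
# Added example, not code from the original article.
# Assumptions: gpg (2.1+), gpgconf, git and awk are available.

# Generate a throwaway signing key, make one signed commit, and print
# "G" when git reports a good signature whose key carries a UID matching
# the committer e-mail. Runs in a subshell so cd/export/trap stay local.
demo_signed_commit() (
    set -eu
    work=$(mktemp -d)
    trap 'gpgconf --kill gpg-agent 2>/dev/null; rm -rf "$work"' EXIT

    # Isolated keyring so the demo never touches ~/.gnupg.
    export GNUPGHOME="$work/gnupg"
    mkdir -m 700 "$GNUPGHOME"

    # Step 2, unattended. %no-protection means no passphrase, which is
    # acceptable for a throwaway key only; a real key gets a passphrase
    # and then needs the GPG_TTY export from Step 6.
    gpg --batch --quiet --gen-key <<EOF
%no-protection
Key-Type: eddsa
Key-Curve: Ed25519
Key-Usage: sign
Name-Real: Demo User
Name-Email: demo@example.invalid
Expire-Date: 0
%commit
EOF

    # Step 3 in machine-readable form: the fpr record after the sec
    # record is the primary key's fingerprint, which git and gpg accept
    # anywhere the shorter LONG key ID is accepted.
    keyid=$(gpg --list-secret-keys --with-colons |
        awk -F: '$1 == "fpr" { print $10; exit }')

    # What Step 4 uploads to the forge.
    gpg --armor --export "$keyid" > "$work/pubkey.asc"

    # Step 7, scoped to this repository instead of --global.
    git init -q "$work/repo"
    cd "$work/repo"
    git config user.name "Demo User"
    git config user.email "demo@example.invalid"
    git config user.signingkey "$keyid"
    git config commit.gpgsign true

    # Step 8: with commit.gpgsign=true, -S is implied.
    echo "hello" > README
    git add README
    git commit -q -m "signed commit"

    # Local verification: exits non-zero on a bad or missing signature.
    git verify-commit HEAD 2>/dev/null

    # %G? is G for a good signature by a trusted key, U good but
    # untrusted key, B bad signature, N no signature.
    status=$(git log -1 --format=%G?)

    # Forge-style check: the committer e-mail must be a UID on the key.
    email=$(git log -1 --format=%ce)
    gpg --list-keys --with-colons "$keyid" |
        awk -F: -v e="<$email>" '$1 == "uid" && index($10, e) { ok = 1 }
                                 END { exit ok ? 0 : 1 }'

    printf '%s\n' "$status"
)

# Usage: run this file; it prints G when signing and verification work.
if command -v gpg >/dev/null 2>&1 && command -v git >/dev/null 2>&1; then
    demo_signed_commit
else
    echo "gpg and git are required for this demo" >&2
fi
```

Everything is created under a mktemp directory and removed by the EXIT trap, including the gpg-agent that gpg starts for that GNUPGHOME, so running the script leaves no key material behind. A real key should be generated with a passphrase as in Step 2; the unattended parameter file is shown only so the whole flow can be exercised non-interactively.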
