search

Use GPG keys

This page describes setting up identification details which can be used to verify code was written by you or software was released by you. GPG keys are used to sign code commits or code releases

hashtag
Generating a new key

hashtag
Generating a new key with Ubuntu

# on 18.04
gpg --full-gen-key;

# on 16.04/macOS
gpg --gen-key;

You will be asked for your name and email address. Note that the email address will be public, so use a masked email which both Github (can be found herearrow-up-right) and Gitlab (can be found in the Commit email sub-section herearrow-up-right) provides.

hashtag
Listing existing keys

gpg --list-secret-keys --keyid-format LONG

hashtag
Exporting the GPG key

Use cases: 1. Adding GPG keys to platformsarrow-up-right

hashtag
List the keys and get the key id

gpg --list-secret-keys --keyid-format LONG
# example output:
#   ...
#   sec   4096R/C4CC3911D49AB2D8 2020-01-07 [expires: 2021-01-07]
#               ^^^^^^^^^^^^^^^^
#               \-> the key id

hashtag
Export the pbulic key

hashtag
Adding GPG keys to platforms

hashtag
Adding GPG keys to Gitlab

Login to Gitlab and visit https://gitlab.com/profile/gpg_keysarrow-up-right. Run the steps in Exporting public keyarrow-up-right and paste the exported public key block in.

hashtag
Adding GPG keys to Github

Login to Github and visit https://github.com/settings/keysarrow-up-right. Run the steps in Exporting public keyarrow-up-right and paste the exported public key block in.

hashtag
Using GPG keys in Git

hashtag
Using a key on a per-repo basis

This method assumes that you would like to sign commits for only one repository

Step 1. The local Git configuration for a repository should be at .git/config, open it up and add:

Replace the signingkey value with the desired key ID from the output of the List the keys and get the key id sectionarrow-up-right.

You're done.

hashtag
Using one key to rule them all

This method assumes that you'd only like to generate one key and use them to sign ALL commits.

Step 1. Find the root .gitconfig by running:

The root .gitconfig is typically at ${HOME}/.gitconfig

Step 2. In the .gitconfig, add the following:

Replace the signingkey value with the desired key ID from the output of the List the keys and get the key id sectionarrow-up-right.

hashtag
Using the includeIf directive

This method assumes you have a local directory structure that mimics the SCM platform you're using. For example, a repository at https://github.com/zephinzer/wiki.joeir.net should be located at ${HOME}/github.com/zephinzer/wiki.joeir.net or ${HOME}/code/github.com/zephinzer/wiki.joeir.net

Step 1. Find the root .gitconfig by running:

The root .gitconfig is typically at ${HOME}/.gitconfig

Step 2. In the root .gitconfig, add the directive:

Step 3. Then create the file at ~/.github.com.gitconfig with the following content:

Replace the signingkey value with the desired key ID from the output of the List the keys and get the key id sectionarrow-up-right.

Step 4. Repeat steps 2-3 for as many SCM platforms as you are using

Note that if you, like me commit your dotfiles to a public repository for others to copy/paste as needed, it might be useful to use the include directive to include a path that isn't committed to your dotfiles such as:

You can chain other includeIf directives from your ~/.gitconfig.d file as needed to SCM platforms whose URLs are better left out of the public eye.

hashtag
Other Resources

PreviousUse GitNextUse Digital Ocean

Last updated