Preface

Once a GPG key is set up for Git, you are asked for the password you configured each time you commit, and GitHub displays a Verified flag on the commit to mark that it was actually made by you, and not by someone else.

Tutorials

System Environment

OS version: Windows 10 X64
IDE used: IntelliJ IDEA

Installation

Download and install GPG Tools; follow the instructions in the image below to download the installer.

Generate a new key

First, we need to generate a GPG key that carries your personal information.

Generate the key

gpg --full-generate-key

  1. GPG first asks what type of key to generate; just press Enter, the default is RSA and RSA.
  2. It asks for the number of bits in the key; enter 4096 and press Enter (GitHub only accepts 4096 bits and above for better security).
  3. It asks for the expiration time of the key; we generally do not want the key to expire, so just press Enter to accept the default of no expiry.
  4. It asks “Is this correct?” to confirm that the information entered is correct; type y and press Enter.

Enter personal information

Once you have confirmed that the settings are correct, GPG asks for some personal information.

  1. It asks for Real name; fill in your English name and press Enter to submit it (it can be different from your GitHub username).
  2. It asks for Email address; make sure to fill in the email address that you have verified in GitHub.
  3. It asks for Comment; fill in GitHub Key (you can fill in whatever you want).
  4. Press o and Enter to save your changes.

Set password

After you set the personal information, a password input window pops up. Enter the same password twice to set the password for the key (be sure to remember the password).

Generation is finished

Wait for the key generation to finish (if the generation is slow, you can press some random letters in the terminal and move the mouse around to provide some random entropy for the key generation).

Bind the key to GitHub

Enter the command to get your GPG Key ID

gpg --list-secret-keys --keyid-format LONG

Find the uid line with the same information you just set, and find your GPG Key ID in the sec line above the uid line.

Exporting the complete public key

Use the command

gpg --armor --export [GPG Key ID]

It prints a very long public key that starts with -----BEGIN PGP PUBLIC KEY BLOCK----- and ends with -----END PGP PUBLIC KEY BLOCK----- (copy it including these two lines).

Put the public key in GitHub

Go to GitHub and access your user settings screen

Find the SSH and GPG Keys tab and click on the New GPG key button (make sure it is the GPG key button, not the SSH key button).

Paste the public key and save it

Binding Keys to Local Git

IDEA calls the local Git, so you can configure Git directly with the GPG Key.

Make sure you have the correct email set for Git

Use the command git config --global user.email to see what email address is currently being used for your git commands, and if it’s not correct, update it with git config --global user.email "new email address".

Assigning a GPG Key ID to Git

Remember the GPG Key ID you just queried? Let git know that it should use that GPG Key.

git config --global user.signingkey [your GPG Key ID]
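
The lookup described above (find the uid line with your email, then read the key ID from the sec line above it) can be scripted. This is an added example, not part of the original tutorial; it assumes a POSIX shell such as Git Bash and the GnuPG 2.1+ listing layout, and the function names and sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original tutorial); function names are hypothetical.
# Real use, with the commands from the tutorial:
#   gpg --list-secret-keys --keyid-format LONG |
#       signing_key_for "$(git config --global user.email)"

# Constructed sample listing (made-up key IDs), GnuPG 2.1+ layout assumed.
SAMPLE_LISTING='sec   rsa2048/1111AAAA2222BBBB 2020-01-01 [SC]
      AAAAAAAAAAAAAAAAAAAAAAAA1111AAAA2222BBBB
uid                 [ultimate] Old Key <old@example.com>
ssb   rsa2048/3333CCCC4444DDDD 2020-01-01 [E]

sec   rsa4096/5555EEEE6666FFFF 2024-01-01 [SC]
      BBBBBBBBBBBBBBBBBBBBBBBB5555EEEE6666FFFF
uid                 [ultimate] Jane Doe (GitHub Key) <jane@example.com>
ssb   rsa4096/7777AAAA8888BBBB 2024-01-01 [E]'

# key_line_for_email EMAIL   (listing on stdin)
# Remembers each "sec" line, then prints "<algo> <key id>" for the first
# uid line that contains <EMAIL>, i.e. the sec line above that uid.
key_line_for_email() {
    awk -v email="<$1>" '
        $1 == "sec" { split($2, p, "/"); algo = p[1]; id = p[2] }
        $1 == "uid" && id != "" && index($0, email) { print algo, id; exit }
    '
}

# signing_key_for EMAIL   (listing on stdin)
# Prints the key ID to pass to "git config --global user.signingkey".
# Returns 1 if no secret key has that e-mail, 2 if it is RSA below 4096 bits.
signing_key_for() {
    line=$(key_line_for_email "$1")
    if [ -z "$line" ]; then
        echo "no secret key with uid <$1>" >&2; return 1
    fi
    algo=${line% *}
    id=${line#* }
    case $algo in
        rsa*) if [ "${algo#rsa}" -lt 4096 ]; then
                  echo "$id is $algo, below the 4096 bits asked for" >&2; return 2
              fi ;;
    esac
    echo "$id"
}

# Demo on the constructed listing; prints 5555EEEE6666FFFF
printf '%s\n' "$SAMPLE_LISTING" | signing_key_for jane@example.com
```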

Sign all local commits with GPG by default

You can sign a single commit by adding the -S parameter to the commit command. To sign every commit by default, set:

git config --global commit.gpgsign true

Specify the location of the GPG program

Every time you commit, Git has to call the GPG program to find your GPG key. Since the program directory of the newly installed GPG program has changed, Git may not find it and will report an error.

git config --global gpg.program "C:\Program Files (x86)\GnuPG\bin\gpg.exe"

The location of gpg.exe shown here may differ from where you installed it; check it carefully and set it accordingly.

Testing

With everything in place, make a commit in IDEA and push it to GitHub to try it out.

Each commit requires the password of the key for verification.

And try pushing it to GitHub.

The signing was successful, awesome.