cheatsheets

Generate a GPG key and add it to GitHub

GPG - GNU Privacy Guard

🚫 Caution

Never delete a GPG key once it has been added to GitHub.

Installation

# For macOS
brew install gpg

# For Linux (Debian/Ubuntu)
sudo apt install gnupg

# For Windows, use Gpg4win or install GPG via Chocolatey
choco install gnupg

Generate a GPG key

gpg --full-generate-key

Please select what kind of key you want:
(1) RSA and RSA
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
(9) ECC (sign and encrypt) *default*
(10) ECC (sign only)
(14) Existing key from card
Your selection? 1

---

RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (3072) 4096

---

Please specify how long the key should be valid.
    0 = key does not expire
<n>  = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0) ENTER

---

Key does not expire at all
Is this correct? (y/N) y

---

GnuPG needs to construct a user ID to identify your key.

Real name: Piotr Kowalski
Email address: [email protected]
Comment:

---

β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”
β”‚ Please enter the passphrase to                       β”‚
β”‚ protect your new key                                 β”‚
β”‚                                                      β”‚
β”‚ Passphrase: ________________________________________ β”‚
β”‚                                                      β”‚
β”‚       <OK>                              <Cancel>     β”‚
β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜

Choose: <OK>
(leave BLANK for NO password)

β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”
β”‚ You have not entered a passphrase - this is in general a bad idea!                            β”‚
β”‚ Please confirm that you do not want to have any protection on your key.                       β”‚
β”‚                                                                                               β”‚
β”‚ <Yes, protection is not needed>                                    <Enter new passphrase>     β”‚
β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜

Choose: <Yes, protection is not needed>

Add a GPG key to GitHub

Check if it works

gpg --verify

If you see the message:

gpg: Signature made Mon 06 Jun 2022 12:00:00 PM UTC
gpg:                using RSA key [__COPY_FROM_HERE__]
gpg: Good signature from "Piotr Kowalski <[email protected]>"

then everything is set up correctly.

How to use GPG to sign in the commits?

## Set the GPG program for Git
git config --global gpg.program "$(which gpg)"

## Set the GPG key for Git
git config --global user.signingkey GPG_KEY_ID

## Enable commit signing by default
git config --global commit.gpgsign true

## Enable tag signing by default
git config --global tag.gpgsign true

Resources