Git Commits Signed with GPG Key

Overview

Set up your environment to automatically sign git commits with your personalized key, verifying your work in the repository.

Instructions

Step 1: Generate a key

Create a gpg key, as your asurite user: gpg --full-generate-key

Accept default options, fill in your name, email and set a passphrase with your key.

$ gpg --gen-key
gpg (GnuPG) 2.0.22; Copyright (C) 2013 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
Your selection? 1
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 
Requested keysize is 2048 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0) 
Key does not expire at all
Is this correct? (y/N) y

GnuPG needs to construct a user ID to identify your key.

Real name: William Nolastname
Email address: wnolast@asu.edu
You selected this USER-ID:
    "William Nolastname <wnolast@asu.edu>"

gpg: /home/[asurite]/.gnupg/trustdb.gpg: trustdb created
gpg: key A8BDEFD1 marked as ultimately trusted
public and secret key created and signed.

Step 2: List all your geenrated keys

$ gpg --list-keys
/home/[asurite]/.gnupg/pubring.gpg
-------------------------------
pub   2048R/A8BDEFD1 2022-02-24
uid                  William Nolastname <wnolast@asu.edu>
sub   2048R/CDF1031F 2022-02-24

Step 3: Set up your git config to use your new key

$ git config --global user.name "William Nolastname"
$ git config --global user.email "[asurite]@asu.edu"
$ git config --global user.signingkey A8BDEFD1
$ git config --global commit.gpgsign true

Step 4: Generate your public GPG key:

$ gpg --armor --export [asurite]@asu.edu
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v2.0.22 (GNU/Linux)

mQENBG1ykGysgbVzD03vzHwHc9HEMXAvVJ1ykGyher8aflVeGQecsgbsgbVz3AmB
gb7OfYb09er7CBKo0QwKpKb4CQoPqDTz3dFtVAFrcJhgnOoQvtSjcsOqneKXBxLP
...snip...
yIVmA89vZTKSIOpdnQQbv7ji56EgCErH9X1ykGyher8mgERsi+8TTYjh0p9pPj0N
NvCMSLMsgbVzhvaBU5z0Dsgq9QLb2gi5agXzFQByhP7m4JU3ZARU2urFdZRBteQr
2EboC6FEXijvhFGC2Ol78FK+6pjLB1I7Tvlxn2Dd
=+1Rf
-----END PGP PUBLIC KEY BLOCK-----

Step 5: Copy Key

Take the ---BEGIN PGP PUBLIC KEY BLOCK--- all the way to ---END PGP PUBLIC KEY BLOCK--- and paste it into your user profile: git.rc.asu.edu

GitLab GPG Keys Interface

Step 6: Optional

If you set a passphrase (you should have), you can configure the passphrase to be typed in in your current session window:

$ export GPG_TTY=$(tty)
$ echo "export GPG_TTY=\$(tty)" >> ~/.bash_profile

From now on, each commit you make from this system will be signed with your key.

Overview​

Instructions​

Step 1: Generate a key​

Step 2: List all your geenrated keys​

Step 3: Set up your git config to use your new key​

Step 4: Generate your public GPG key:​

Step 5: Copy Key​

Step 6: Optional​