6. GPG signed commit - JohnyzHub/GIT GitHub Wiki

Download the tool

download and install gnupg or use the chocolatey package: gnupg and install with the command choco install gnupg -y

Generate GPG Key

Generate a GPG key pair:

gpg --full-generate-key
Select RSA and RSA
Choose 4096 bits
Left default expire in days (0)
Type name with surname
Type email address for GitHub account
Choose (o)kay
Type a strong secure passphrase and remember this secure passphrase for future use.

list the long form of the GPG keys : gpg --list-secret-keys --keyid-format=long

    eg:
    sec   rsa4096/F1C6630F06D0813E 2025-05-01 [SC]
    C18F99336914CA280250DCA7F1C6630F06D0813E
    uid    [ultimate] johnybashashaik (github gpg key setup) <Jo****haik@fo**na.com>
    ssb    rsa4096/A9AB3FE78A2F1575 2025-05-01 [E]

Setup key in Github account

    gpg --armor --export F1C6630F06D0813E   # Prints the GPG key ID, in ASCII armor format
    Copy your GPG key, beginning with -----BEGIN PGP PUBLIC KEY BLOCK----- and ending with -----END PGP PUBLIC KEY BLOCK-----
    Add the GPG key to GitHub account
    In the upper-right corner of any page on GitHub, click your profile photo, then click  Settings
    In the "Access" section of the sidebar, click  SSH and GPG keys
    Next to the "GPG keys" header, click New GPG key
    In the "Title" field, type a name for your GPG key
    In the "Key" field, paste the GPG key you copied
    Click Add GPG key
    If prompted, authenticate to your GitHub account to confirm the action	

Set GPG key in GIT account

To set your primary GPG signing key in Git:

    primary key: git config --global user.signingkey F1C6630F06D0813E
    or the sub key: git config --global user.signingkey A9AB3FE78A2F1575

Set GPG key in GIT Client

configure your Git client to sign commits by default for a local repository:

    git config --global commit.gpgsign true

Create signed commit

create signed commit, add the -S flag to the git commit command:

    eg: git commit -S -m "YOUR_COMMIT_MESSAGE"