Commit signing - Pull-Request-Club/PRC GitHub Wiki

This is not specific to this project (and could be a short blog post), but it is kept here for reference for now. Signing commits is not required for contributing to PRC, but it is recommended.

  • Install GnuPG2

    sudo apt-get install gnupg2
    
  • Generate a new key if you don't already have one

    gpg2 --full-gen-key
    
    • These would be enough: RSA (sign only), 4096, 6m (three months)
  • If you want to see details of your key, run

    gpg2 --list-secret-keys --keyid-format LONG
    
  • Copy the key ID (the Xs in 4096R/XXXXXXXXXX are the ID), then run

    gpg2 --armor --export KEYID
    
  • Paste the output into https://github.com/settings/gpg/new to add your key to GitHub

  • You can also paste the same output into http://pgp.mit.edu/.

  • Add the following to your ~/.gnupg/gpg.conf so that public keys are fetched automatically for signature verification. Note that this will slow down git commands that check signatures: if the key is found, subsequent commands will be fast; if the key can't be found, the command will be slow every time.

    keyserver hkp://pool.sks-keyservers.net
    keyserver-options auto-key-retrieve
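
For the "copy key ID" step above, the ID can be pulled out of the listing with a small filter instead of by eye. This is an added example, not part of the original wiki page; the function name `extract_key_ids` and the sample listing (IDs, names, dates) are constructed for illustration.

```shell
#!/bin/sh
# Added example: print the long key ID from every "sec" line of
#   gpg2 --list-secret-keys --keyid-format LONG
# read on stdin. Both listing styles are handled:
#   sec   4096R/<ID> <date> ...      (older GnuPG 2.0 layout)
#   sec   rsa4096/<ID> <date> ...    (GnuPG 2.1+ layout)
extract_key_ids() {
    awk '
        # "sec#" = secret key not present locally, "sec>" = key on a smartcard
        $1 == "sec" || $1 == "sec#" || $1 == "sec>" {
            n = split($2, part, "/")      # "4096R/ID" -> part[1]=algo, part[2]=ID
            id = toupper(part[2])
            # A LONG key ID is exactly 16 hex digits; ignore anything else,
            # such as the wiki placeholder XXXXXXXXXX or a SHORT 8-digit ID.
            if (n == 2 && length(id) == 16 && id ~ /^[0-9A-F]+$/) print id
        }
    '
}

# Constructed sample listing (all IDs, names and dates are made up).
SAMPLE_LISTING='/home/user/.gnupg/pubring.kbx
-----------------------------
sec   rsa4096/0123456789ABCDEF 2017-01-01 [SC] [expires: 2017-07-01]
      AAAABBBBCCCCDDDDEEEEFFFF0123456789ABCDEF
uid                 [ultimate] Example User <user@example.com>

sec   4096R/FEDCBA9876543210 2016-05-05 [expires: 2016-11-05]
uid                  Old Example <old@example.com>
ssb   4096R/1111222233334444 2016-05-05
'

printf '%s\n' "$SAMPLE_LISTING" | extract_key_ids

# Against a real keyring, feed the first ID to the export step:
#   KEYID=$(gpg2 --list-secret-keys --keyid-format LONG | extract_key_ids | head -n 1)
#   gpg2 --armor --export "$KEYID"
```

Subkey (`ssb`) and fingerprint lines are skipped on purpose, so only primary key IDs reach the export command.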