Setup Github GPG key on Macbook (Mac OS)Setup Github GPG key on Macbook (Mac OS)
Updated at Apr 17, 2024
33 Views

Goal

Securing your Git commits with GPG keys adds an extra layer of authenticity and integrity to your codebase. Follow these steps to effortlessly generate, configure, and use GPG keys for signing your Git commits.

1. Generate Your GPG Key

Start by installing the GPG command-line tool. On macOS, you can use Homebrew for this:

brew install gnupg

Generate your GPG key, using the default settings. Set up a passphrase when prompted:

gpg --full-generate-key

2. Retrieve and Export Your GPG Key

To access your GPG key information, use the following command to list your secret keys:

gpg --list-secret-keys --keyid-format=long

Copy the portion labeled as “A111111111A11A11” (Example: ed25519/A111111111A11A11).

Export your GPG key in ASCII armor format:

gpg --armor --export A111111111A11A11

3. Configure GPG for Git

GitHub Setup

Navigate to your GitHub account’s Settings -> SSH and GPG keys. Add a new GPG key and paste the content of the previously exported public key.

Git Configuration

Inform Git about your signing key:

git config --global user.signingkey A111111111A11A11

Enforce GPG signature for all commits:

git config --global commit.gpgsign true

4. Enhance GPG Experience

Install GPG Suite to securely store your passphrase:

brew install --cask gpg-suite

5. Optimize GPG Environment

Edit your shell’s configuration file (e.g., ~/.zshrc) with elevated privileges:

sudo vim ~/.zshrc

Add the following line to the end of the file:

export GPG_TTY=$(tty)

Save the file and update the configuration:

source ~/.zshrc

6. Configure GPG Timeout

Adjust the GPG agent’s configuration to manage cache timeouts:

sudo vim ~/.gnupg/gpg-agent.conf

Add the following lines:

default-cache-ttl 34560000
max-cache-ttl 34560000

7. Sign Your Commits

Now you’re ready to sign your commits using your GPG key:

git commit -s -m 'your commit'

With these steps, you’ve seamlessly integrated GPG key generation, configuration, and commit signing into your Git workflow. Your commits are now backed by the assurance of cryptographic signatures, enhancing the security of your projects.