Signing git commits with your GPG key

Posted on Mon 17 July 2017 in how-to

This one will be simple and short.

You're already using GPG to sign your emails?

Well, then simply sign your git commits as well!

To prepare this up globally 2 commands are enough:

git config --global user.email "you@example.org"
git config --global user.signingkey 00000000

If you want to sign commits with a different key and associated email address the commands can be used without --global in a git repository as well:

git config user.email "you@yourcompany.com"
git config user.signingkey FFFFFFFF

When committing changes -S must be added to the git commit command: git commit -S -m "some commit message"

Last but not least: if you're a bit lazy you might want to use a function for your fish shell.

Beside being trusted by your well known PGP key this also gives you a nice Verified-Box on GitHub:

github_pgp_signed_verified_example