Most guides online I found are hard and kinda confusing, so here is a very short and a clear guide on how to set up Git and sign commits.
Linux
gpg --full-generate-key --expert
(at your terminal), select (9) ECC and ECC
, (1) Curve 25519
, enter the expiration date of that key (you can leave it at 0
), enter your name and email (email must be the same with the service you have signed up to).gpg --list-keys
and copy that long number that is above your name and email and under ed25519 $DATE
(which will be your key ID)..gitconfig
.git config --global user.name "foobar"
and git config --global user.email "foo@bar.com"
(change the foobar to your name and email that you used in your PGP key) and git config --global user.signingkey foobar
and paste that long number you copied in step 1.2 instead of foobar. You can also add git config --global commit.gpgsign true
if you want to sign them by default instead of adding -s
every time you commit..gitconfig
and change the values to the PGP key (name, email, key ID) you created or had before.gpg --export --armor
which will print the armored version of your public key. Copy that and go to your account settings, PGP/SSH keys (names can vary), and paste that text that got exported. If your email was different than the one your PGP key has, it will give you an error saying that this account doesn't have an email connected to it which your PGP key has. You can either:
gpg --edit-key foobar
(where foobar is your key ID), type adduid
and enter new details (these will not override the old ones, but they will add a new name and email to the existing details).gpg --delete-secret-keys $Your_key_name
and create a new key.If you use VSCode or VSCodium, you can go to the settings, type gpg
at the settings filter and enable Git: Enable Commit Signing
.