Setting up GPG Signing for GitHub on Mac

by Zach Silveira

I know you want to have a verified badge like this next to your commits on GitHub. On one hand, it's awesome. If you're not famous and aren't verified on Twitter, this feels almost as cool. The second reason is because you're reading this article!

Setting up GPG keys can be a little annoying. Even if you follow the simple steps to generate one and let git know about it, you're going to be stuck typing a password on every commit if you don't set up an agent to handle adding it to your keychain for you. I've followed a couple different guides across multiple computers to end up with a combination of them in this guide. With that being said, get started by having Homebrew installed, and we'll go from there.

brew install gpg2

The following is straight from GitHub:

gpg --gen-key

gpg --list-secret-keys --keyid-format LONG

If you're confused about finding your key id, check step 11.

gpg --armor --export KEY_ID

Copy the output from above and add it to GitHub

git config --global commit.gpgsign true

git config --global user.signingkey KEY_ID

The following was found from this guide. After running the above commands, git will sign commits with your key. You just have to set up pinentry so that you won't have to type your password on every commit.

brew install gpg-agent pinentry-mac

Enable the agent:

echo "use-agent" >> ~/.gnupg/gpg.conf

Set up the agent:

vi ~/.gnupg/gpg-agent.conf

Paste these lines:

use-standard-socket  
pinentry-program /usr/local/bin/pinentry-mac  

Link pinentry and agent together:

vi ~/.profile # or other file that is sourced every time

Paste these lines:

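# Reuse the running agent if its env file exists and gpg-agent is alive
if test -f ~/.gnupg/.gpg-agent-info -a -n "$(pgrep gpg-agent)"; then
  source ~/.gnupg/.gpg-agent-info
  export GPG_AGENT_INFO
  GPG_TTY=$(tty)
  export GPG_TTY
else
  # Otherwise start a new agent and record its environment in the file
  eval $(gpg-agent --daemon --write-env-file ~/.gnupg/.gpg-agent-info)
fi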

That's it! After sourcing your bashrc or zshrc (source ~/.zshrc) or restarting your terminal, run a git commit. You should be prompted to type in your password and check the box to store it in your keychain. All further commits will be auto signed!
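To confirm the steps above took effect, the following added example (not from the original post or from GitHub's guide) pulls the long key IDs out of the `gpg --list-secret-keys --keyid-format LONG` listing and checks that `user.signingkey` points at one of them. The function names and the sample listing are constructed for illustration, and it assumes `user.signingkey` holds a hex key ID or fingerprint rather than an email address.

```shell
#!/bin/sh
# Added example: check that git's signing key matches a secret key in the keyring.
# Function names and SAMPLE_LISTING are constructed for illustration.

# Constructed sample of `gpg --list-secret-keys --keyid-format LONG` output
# (placeholder key IDs; shows both the newer "rsa4096/" and older "4096R/" layouts).
SAMPLE_LISTING='/Users/example/.gnupg/pubring.kbx
-----------------------------------
sec   rsa4096/AAAA1111BBBB2222 2017-01-01 [SC]
      0123456789ABCDEF01234567AAAA1111BBBB2222
uid                 [ultimate] Example User <user@example.com>
ssb   rsa4096/CCCC3333DDDD4444 2017-01-01 [E]

sec   4096R/EEEE5555FFFF6666 2016-01-01
uid                          Old Key <old@example.com>
ssb   4096R/1111222233334444 2016-01-01'

# Print the long key ID of every primary secret key ("sec" lines) read from stdin.
extract_key_ids() {
  awk '$1 == "sec" { n = split($2, part, "/"); if (n == 2) print part[2] }'
}

# Normalise a key reference: drop spaces and a leading 0x, upper-case the hex.
normalise_key() {
  printf '%s' "$1" | tr -d ' ' | sed 's/^0[xX]//' | tr 'a-f' 'A-F'
}

# Succeed if CONFIGURED (short ID, long ID or full fingerprint) refers to
# one of the primary secret keys in LISTING.
signing_key_present() {
  configured=$(normalise_key "$1")
  [ ${#configured} -ge 8 ] || return 1
  for id in $(printf '%s\n' "$2" | extract_key_ids); do
    case "$id" in *"$configured") return 0 ;; esac   # short or long key ID
    case "$configured" in *"$id") return 0 ;; esac   # full fingerprint
  done
  return 1
}

# Live check against the real git config and keyring (call it yourself).
verify_git_signing() {
  key=$(git config --global user.signingkey) || { echo "user.signingkey not set"; return 1; }
  [ "$(git config --global commit.gpgsign)" = "true" ] || { echo "commit.gpgsign is not true"; return 1; }
  signing_key_present "$key" "$(gpg --list-secret-keys --keyid-format LONG)" \
    || { echo "no secret key matches $key"; return 1; }
  echo "signing key $key found; run 'git verify-commit HEAD' after your next commit"
}
```

Source the file and run `verify_git_signing`; a mismatch here is the usual reason a commit fails to sign or shows up without the verified badge.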

Hopefully I'll have a more interesting post next week, this week has just been insane for me.
