本文介绍如何使用GPG为Git提交签名,包括安装GPG、生成及管理密钥,并配置Git使用特定的GPG密钥进行签名验证。还介绍了如何在GitHub上添加GPG公钥。
使用GPG签名commit
$ brew install GPG 安装GPG
$ gpg --list-keys 查看GPG key
$ gpg --full-generate-key 生成GPG key生成过程
$ rm -rf ~/.gnupg
$ gpg --full-generate-key
Please select what kind of key you want:
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
Your selection? 1
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 4096
Requested keysize is 4096 bits
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0) 0
Key does not expire at all
Is this correct? (y/N) y
GnuPG needs to construct a user ID to identify your key.
Real name: your real name
Email address: your email address
Comment:
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
public and secret key created and signed.
pub rsa4096 2018-01-11 [SC]
2******1
输入密码,8位以上且包含数字字母。
导出 GPG 公匙
$ gpg --armor --export 2******1
会在命令行看到公匙的文本:
-----BEGIN PGP PUBLIC KEY BLOCK-----
公匙code
-----END PGP PUBLIC KEY BLOCK-----
登录 Github 添加这个公匙,添加的入口在 Settings 下的 SSH and GPG Keys 里面使用:
首先设置 Git 默认使用的 GPG Key ID。
$ git config user.email your email address
$ git config user.signingkey xxxxxxxx
$ git config commit.gpgsign trueMac gnupg2 and gpg-agent 2.x 必须在 profile 预先执行 export GPG_TTY=$(tty) ,否则报错:error: gpg failed to sign the data
注意:不能删除 GPG keys 那么以前使用该 GPG keys 的 commit 都会变为 Unverified 状态!所以最好备份你的 GPG keys!
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
