使用GPG签名commit
$ brew install GPG 安装GPG
$ gpg --list-keys 查看GPG key
$ gpg --full-generate-key 生成GPG key
生成过程
$ rm -rf ~/.gnupg
$ gpg --full-generate-key
Please select what kind of key you want:
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
Your selection? 1
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 4096
Requested keysize is 4096 bits
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0) 0
Key does not expire at all
Is this correct? (y/N) y
GnuPG needs to construct a user ID to identify your key.
Real name: your real name
Email address: your email address
Comment:
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
public and secret key created and signed.
pub rsa4096 2018-01-11 [SC]
2******1
输入密码,8位以上且包含数字字母。
导出 GPG 公匙
$ gpg --armor --export 2******1
会在命令行看到公匙的文本:
-----BEGIN PGP PUBLIC KEY BLOCK-----
公匙code
-----END PGP PUBLIC KEY BLOCK-----
登录 Github 添加这个公匙,添加的入口在 Settings 下的 SSH and GPG Keys 里面
使用:
首先设置 Git 默认使用的 GPG Key ID。
$ git config user.email your email address
$ git config user.signingkey xxxxxxxx
$ git config commit.gpgsign true
Mac gnupg2 and gpg-agent 2.x 必须在 profile 预先执行 export GPG_TTY=$(tty) ,否则报错:error: gpg failed to sign the data
注意:不能删除 GPG keys
那么以前使用该 GPG keys
的 commit 都会变为 Unverified
状态!所以最好备份你的 GPG keys
!