1.6 KiB
Set Up GPG Signing Key
I wanted to have that "Verified" icon start showing up next to my commits in GitHub. To do that, I need to generate a GPG key, configure the secret key in GitHub, and then configure the public signing key with my git config.
# generate a gpg key
$ gpg --full-generate-key
# Pick the following options when prompted
# - Choose "RSA and RSA" (Options 1)
# - Max out key size at 4096
# - Choose expiration date (e.g. 0 for no expiration)
# - Enter "Real name" and "Email"
(I matched those to what is in my global git config)
# - Set passphrase (I had 1password generate a 4-word passphrase)
It may take a few seconds to create.
I can see it was created by listing my GPG keys.
$ gpg --list-secret-keys --keyid-format=long
[keyboxd]
---------
sec rsa4096/1A8656918A8D016B 2025-10-19 [SC]
...
I'll need the 1A8656918A8D016B portion of that response for the next command
and it is what I set as my public signing key in my git config.
First, though, I add the full key block to my GitHub profile which I can copy like so:
$ gpg --armor --export 1A8656918A8D016B | pbcopy
And then I paste that as a new GPG Key on GitHub under Settings -> SSH and GPG Keys.
Last, I update my global git config with the signing key and the preference to sign commits:
git config --global user.signingkey 1A8656918A8D016B
git config --global commit.gpgsign true
Without commit.gpgsign, I would have to specify the -S flag every time I
want to create a signed commit.