Signing git commits
mvllow edited this page Jun 16, 2025 · 4 revisions
Check your Git platform to ensure SSH signing is supported
# Generate a signing key (-N "" creates it without a passphrase)
ssh-keygen -t ed25519 -C "$(git config --global user.email)" -f ~/.ssh/id_ed25519 -q -N ""
# Copy key to clipboard (macOS command)
pbcopy < ~/.ssh/id_ed25519.pub

git config --global commit.gpgsign true
git config --global user.name "<your name>"
git config --global user.email "<your email>"
git config --global user.signingkey ~/.ssh/id_ed25519.pub
git config --global gpg.format ssh

Add your SSH key to a supported remote, e.g. GitHub, changing key type to signing key.
brew install gnupg pinentry-mac
# Optionally use key from Keybase
brew install --cask keybase

# With existing Keybase
keybase pgp export | gpg --import
keybase pgp export -q <keyid> --secret | gpg --import --allow-secret-key-import
# With new GPG key
gpg --full-generate-key

# List keyid
gpg --list-secret-keys --keyid-format LONG
# Copy key to clipboard
gpg --armor --export <keyid> | pbcopy
# Add to GitHub
open https://github.com/settings/gpg/new

git config --global user.signingkey <keyid>
git config --global gpg.program "$(which gpg)"
git config --global commit.gpgsign true
# ~/.zshrc or similar
export GPG_TTY=$(tty)
# ~/.gnupg/gpg-agent.conf
# Intel Homebrew path; on Apple Silicon use /opt/homebrew/bin/pinentry-mac
pinentry-program /usr/local/bin/pinentry-mac
# ~/.gnupg/gpg.conf
no-tty
use-agent

Restart GPG agent
# Kill agent, it will start again when needed
gpgconf --kill gpg-agent

Test GPG signing
Pinentry-mac should pop up, allowing you to save your password to the keychain. Otherwise, restart the agent and try again.
# Test GPG signing
echo "test" | gpg --clearsign

Error messages
"Inappropriate ioctl for device" can usually be fixed by adding export GPG_TTY=$(tty) to the top of your profile.