Ref : https://docs.github.com/en/authentication/managing-commit-signature-verification
Managing commit signature verification
GitHub will verify GPG, SSH, or S/MIME signatures so other people will know that your commits come from a trusted source. GitHub will automatically sign commits you make using the GitHub web interface.
considering setup is from scratch
- $ gpg --full-generate-key
- 4096 length // 0 for no expiry // some passphrase
- add your github account email only // use the no reply email if you are keeping email private
- once generated, test if key is present // gpg --list-secret-keys --keyid-format=long
- get the actual key using key id (from the above listing) // gpg --armor --export thekeyid(look for sec rsa4096/{id})
- Copy your GPG key, beginning with -----BEGIN PGP PUBLIC KEY BLOCK----- and ending with -----END PGP PUBLIC KEY BLOCK-----.
- add to github>settings>access>GPG key
- tell git on local machine to sign commits using the gpg key created above // follow in 3rd part of this series i.e. next article
Top comments (0)