Is today the day you are signing your commits but still experienceing the dreaded amber "unverified' tag on them? I have a solution that worked for me to fix that issue.
First run this command via the command line to see which keys already exist: gpg --list-secret-keys --keyid-format=long
You should get a list of the keys that you have previously generated.
Make sure the email that is being used in your key on GitHub is the correct email in git by running this command: git config --list
The output of user name, email and key should match what is in your GPG key on GitHub:
user.name=Margeaux Spring
user.email=youremailhere
user.signingkey=yourgpgkey
If there is an email mismatch, your signed commits are still being tagged as โunverifiedโ on GitHub, and you will need to add the correct email found via the step above with this command:
git config --global user.email youremailhere
You cannot assume that git will use the same email for storing and signing the commit.
You can also add more than one email to a key like this:
1. gpg --list-secret-keys --keyid-format=long
2. gpg --edit-key YOURKEYTOEDITHERE
3. a gpg prompt should appear, then you type adduid
and press enter
4. add the email you need to when prompted
5. after you have followed all the prompts, enter save
at the gpg prompt
6. now enter gpg --armor --export YOUREDITEDKEY
7. copy and paste the entire block that appears in your terminal, from and including:
-----BEGIN PGP PUBLIC KEY BLOCK----- to -----END PGP PUBLIC KEY BLOCK-----
Next, go to GitHub and click on Settings->SSH & GPG Keys, delete the old key, click the green New GPG Key button, paste in the key you have copied from your terminal output previously and click save.
Your commits should now be automagically verified.
Top comments (0)