Configuring Git and GPG
After installing git, you need to add git's binary path to the PATH environment, located in %ProgramFiles%\Git\usr\bin.
GPG Key
Create new key
Generate a key: gpg --default-new-key-algo rsa4096 --gen-key. After that, check again with this command: gpg --list-secret-keys --keyid-format LONG, result example:
$ gpg --list-secret-keys --keyid-format LONG
/c/Users/fmaktum/.gnupg/pubring.gpg
-----------------------------------
sec rsa4096/E170165D27E434C2 2018-07-22 [SC] [expires: 2022-07-23]
FE428E022494CC3ED85ACDD3E170165D27E434C2
uid [ultimate] Fakhrulhilal Maktum <fakhrulhilal@gmail.com>
uid [ultimate] Fakhrulhilal Maktum <fakhrulhilal@outlook.com>
uid [ultimate] [jpeg image of size 13093]
ssb rsa4096/C0D8267ED759FC4B 2018-07-22 [E] [expires: 2022-07-23]
in that case, key ID is 3AA5C34371567BD2.
Next, we need to associate with the email address. To do that, we need to edit first by this command: gpg --edit-key 3AA5C34371567BD2
gpg> adduid
Real name: Fakhrulhilal Maktum
Email address: fakhrulhilal@outlook.com
Comment:
You selected this USER-ID:
"Fakhrulhilal Maktum <fakhrulhilal@outlook.com>"
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
Optionally, we can add the picture (suggested to use 240x288)
gpg> addphoto
After all changes, we can know save it
gpg> save
Extending Expired Public Key
You need to edit the key by using this command: gpg --edit-key:
gpg> expire
Changing expiration time for a subkey.
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0) 2y
Key expires at Sun Jul 24 06:36:28 2022 SEAST
Is this correct? (y/N) y
sec rsa4096/E170165D27E434C2
created: 2018-07-22 expires: 2023-07-23 usage: SC
trust: ultimate validity: ultimate
ssb* rsa4096/C0D8267ED759FC4B
created: 2018-07-22 expires: 2022-07-23 usage: E
[ultimate] (1). Fakhrulhilal Maktum <fakhrulhilal@gmail.com>
[ultimate] (2) Fakhrulhilal Maktum <fakhrulhilal@outlook.com>
[ultimate] (3) [jpeg image of size 13093]
gpg> key 1
sec rsa4096/E170165D27E434C2
created: 2018-07-22 expires: 2023-07-23 usage: SC
trust: ultimate validity: ultimate
ssb rsa4096/C0D8267ED759FC4B
created: 2018-07-22 expires: 2022-07-23 usage: E
[ultimate] (1). Fakhrulhilal Maktum <fakhrulhilal@gmail.com>
[ultimate] (2) Fakhrulhilal Maktum <fakhrulhilal@outlook.com>
[ultimate] (3) [jpeg image of size 13093]
gpg> expire
Changing expiration time for the primary key.
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0) 2y
Key expires at Sun Jul 24 06:36:36 2022 SEAST
Is this correct? (y/N) y
sec rsa4096/E170165D27E434C2
created: 2018-07-22 expires: 2022-07-23 usage: SC
trust: ultimate validity: ultimate
ssb rsa4096/C0D8267ED759FC4B
created: 2018-07-22 expires: 2022-07-23 usage: E
[ultimate] (1). Fakhrulhilal Maktum <fakhrulhilal@gmail.com>
[ultimate] (2) Fakhrulhilal Maktum <fakhrulhilal@outlook.com>
[ultimate] (3) [jpeg image of size 13093]
The first key is for extending primary key, the second command is for extending sub encryption key.
Backup GPG Key
The easy way to backup all keys is by copy-paste the database
- public keys:
%UserProfile%\.gnupg\pubring.gpg - secret keys:
%UserProfile%\.gnupg\secring.gpg - trust db:
%UserProfile%\.gnupg\trustdb.gpg
GPG manual suggests this command to backup trust db: gpg --export-ownertrust > gpg-owner-trust.txt.
To backup individual key:
- public key:
gpg --armor --export E170165D27E434C2 > public.gpg - secret key:
gpg --armor --export-secret-key E170165D27E434C2> secret.asc
Or you can use the email address instead of the key ID, f.e. git --armor --export fakhrulhilal@gmail.com > public.gpg. Note that, secret key always contains public key.
We can also publish the GPG key to public server with this command: gpg --keyserver [server address] --send-keys fakhrulhilal@gmail.com. Some notable PGP public key servers:
- pgp.mit.edu
- pgp.key-server.io
- keyserver.pgp.com
Import/Restore GPG Key
Importing secret key (along with public key): gpg --import fakhrulhilal@gmail.com.asc. After that, import all owner trust: gpg --import-ownertrust gpg-owner-trust.txt. Alternatively, we can trust by each key:
$ gpg --edit-key fakhrulhilal@gmail.com
gpg> trust
Your decision? 5 (Ultimate trust)
Sharing GPG key to public key server
Below is currently active keyservers:
- pgp.mit.edu
- keyserver.ubuntu.com
- keys.openpgp.org
- keyserver1.pgp.com
To upload the key using gpg command, use gpg --keyserver the_server --send-keys E170165D27E434C2. Another way is by uploading manually to them. So we need to go their website and upload the key, commonly, they accept ASCII version of public key (gpg --export --armor E170165D27E434C2)
Associating Git with GPG
Setting GPG key for git commit
Set the key by using this command: git config user.signingkey E170165D27E434C2. And then we can sign the commit by -S option. Alternatively, we can force all commit to be signed using this command git config commit.gpgsign true, so we don't have to specify -S parameter each time committing the change.
Uploading public key to github
First, we need to backup the public key as follows: gpg --armor --export E170165D27E434C2 > fakhrulhilal.gpg
- Login to your github account
- Go to menu Settings > SSH and GPG keys
- Add new gpg key
- Copy-paste from
fakhrulhilal.gpgcontent then save it
Top comments (0)