DEV Community

loading...

Using Keybase GPG to sign git commits and tags

johanbove profile image Johan Bové Originally published at social.johanbove.info on ・1 min read

With the Keybase application installed on the "Windows Subsystem for Linux" command line, export the pgp Keybase key and import it into the local gpg keychain:

$ gpg --list-secret-keys --keyid-format LONG
$ keybase pgp pull johanbove
$ git config --global user.signingkey B6A8D5E8
$ keybase pgp export -q 4AAE11D0B6A8D5E8 | gpg --import
$ keybase pgp export -q 4AAE11D0B6A8D5E8 --secret | gpg --allow-secret-key-import --import
$ echo "test" | gpg --clearsign

Enter fullscreen mode Exit fullscreen mode

I also had to add this code into the ~/.bashrc file to make the gpg passphrase prompt work in WSL:

# enable passphrase prompt for gpg
export GPG_TTY=$(tty)

Enter fullscreen mode Exit fullscreen mode

Setting the trust level of the imported key:

$ gpg --list-keys
$ gpg --edit-key E44E71105E920276ED1693294AAE11D0B6A8D5E8

Enter fullscreen mode Exit fullscreen mode

Following the instructions in gpg.

Signing a git tag:

$ git tag -s v1.0.0 -m "Release v1.0.0 signed"

Enter fullscreen mode Exit fullscreen mode

Verifying the git tag:

$ git tag -v v1.0.0
Enter fullscreen mode Exit fullscreen mode

Sources:

Discussion (1)

pic
Editor guide