Johan Bové

Posted on Jan 9, 2020 • Originally published at social.johanbove.info on Dec 17, 2019

Using Keybase GPG to sign git commits and tags

#git #keybase #pgp

With the Keybase application installed on the "Windows Subsystem for Linux" command line, export the pgp Keybase key and import it into the local gpg keychain:

$ gpg --list-secret-keys --keyid-format LONG
$ keybase pgp pull johanbove
$ git config --global user.signingkey B6A8D5E8
$ keybase pgp export -q 4AAE11D0B6A8D5E8 | gpg --import
$ keybase pgp export -q 4AAE11D0B6A8D5E8 --secret | gpg --allow-secret-key-import --import
$ echo "test" | gpg --clearsign

I also had to add this code into the ~/.bashrc file to make the gpg passphrase prompt work in WSL:

# enable passphrase prompt for gpg
export GPG_TTY=$(tty)

Setting the trust level of the imported key:

$ gpg --list-keys
$ gpg --edit-key E44E71105E920276ED1693294AAE11D0B6A8D5E8

Following the instructions in gpg.

Signing a git tag:

$ git tag -s v1.0.0 -m "Release v1.0.0 signed"

Verifying the git tag:

$ git tag -v v1.0.0

Sources:

Latest comments (1)

My Experience With GitHub Topic Branches

Samina Rahman Purba - Sep 30 '22

Azure DevOps pipelines shallow fetch =1 is now default

Kinga - Sep 29 '22

PGP - Encrypt/Decrypt file with Ruby on Rails (Part 3)

Humberto Arroyo - Sep 29 '22

The Git Commands I Use Every Day

Wade Zimmerman - Sep 17 '22

Timeless DEV post...

Git Concepts I Wish I Knew Years Ago

The most used technology by developers is not Javascript.

It's not Python or HTML.

It hardly even gets mentioned in interviews or listed as a pre-requisite for jobs.

I'm talking about Git and version control of course.

One does not simply learn git

DEV Community