GPG management submission signature verification

About submitting signature verification

You can sign, submit and mark locally , So that others can confirm that your work comes from a trusted source . If submitted or marked with password verifiable GPG or S/MIME Signature , be GitHub Submit or mark as verified .

If the submission or token has an unverifiable signature , be GitHub Submit or mark as unverified .

install GPG Command line tools

GPG Not installed by default on OS X or Windows On . To install GPG Command line tools , see also GnuPG Download page .

It can also be used. too Homebrew To install brew install gnupg

Check the existing GPG secret key

It's generating GPG Before the key , You can check if there are any existing GPG secret key .

$ gpg --list-secret-keys --keyid-format LONG

Check the command output to see if there is GPG Key pair .

• without GPG Key pair , Or you don't want to use any key pairs that can be used to sign submissions and tags , be Generate a new GPG secret key .
• If there is an existing GPG The key pair and you want to use it for signature submission and marking , be take GPG Key added to GitHub account .

Generate a new GPG secret key

If there is no existing GPG secret key , You can generate new GPG Key for signature submission and marking .

1. Generate GPG Key pair

   $ gpg --full-generate-key
    Copy code 

2. When prompted , Specify the type of key to generate , Or by Enter The key accepts the default RSA and RSA.

3. Enter the required key length . The key must be at least 4096 position .

4. Enter the valid duration of the key . Press Enter Key will specify the default selection , Indicates that the key will not expire .

5. Verify that your choice is correct .

6. Enter your user ID Information .

7. Enter the security code .

8. List the people whose public and private keys you have GPG secret key . Private key required for signature submission or marking . In this case ,GPG secret key ID yes 0B4436F611DCD0EC

   $ gpg --list-secret-keys --keyid-format LONG
    /Users/xsky/.gnupg/pubring.kbx
    ------------------------------
    sec   rsa4096/0B4436F611DCD0EC 2021-01-06 [SC]
          B9476F6DF471A45A0CFDF9710B4436F611DCD0EC
    uid                 [  absolute  ] linsheng (Github key) <[email protected]>
    ssb   rsa4096/15B24F4064D2384D 2021-01-06 [E]
    Copy code 

9. Generate GPG The key

   $ gpg --armor --export 0B4436F611DCD0EC
    Copy code 

10. Copy GPG secret key , from -----BEGIN PGP PUBLIC KEY BLOCK----- Start , To -----END PGP PUBLIC KEY BLOCK----- end .

newly added GPG Key to GitHub account

You want to configure GitHub Use a new account （ Or existing ）GPG secret key , You also need to add it to GitHub account .

1. In the upper right corner of any page , Click your profile photo , And then click Settings（ Set up ）.

2. In the user settings sidebar , single click SSH and GPG keys（SSH and GPG secret key ）.

3. single click New GPG key（ new GPG secret key ）.

4. stay "Key"（ secret key ） Field , Paste in Generate a new GPG secret key Copied when GPG secret key .

   

5. single click Add GPG key（ add to GPG secret key ）.

6. To confirm the operation , Please enter your GitHub password .

Inform... Of your signature key Git

To sign the submission locally , You need notification Git You want to use GPG secret key .

1. stay Git Set in GPG Signature key , Please paste the following text , Replace the... You want to use GPG secret key ID. In this case ,GPG secret key ID yes 0B4436F611DCD0EC：

$ git config --global user.signingkey 0B4436F611DCD0EC

1. If not used GPG Suite, Please paste the text below to GPG Key added to your bash The configuration file ：

   $ test -r ~/.bash_profile && echo 'export GPG_TTY=$(tty)' >> ~/.bash_profile
   $ echo 'export GPG_TTY=$(tty)' >> ~/.profile
    Copy code 

   ** notes ：** If you don't .bash_profile, This command will GPG Key added to .profile.

2. If you accidentally exit while encrypting , An error will be reported during encryption : error: gpg failed to sign the data, At this time to run gpgconf --kill gpg-agent restart gpg-agent

Sign the submission

have access to GPG Sign the submission locally . All submissions are signed by default in any local repository on the computer , Please run

$ git config --global commit.gpgsign true

To store GPG Key password , So that you don't have to enter this password every time you sign a submission , We recommend using the following tools ：

• about Mac user ,GPG Suite Allows you to Mac OS Stored in the key chain GPG Key password .
• about Windows user ,Gpg4win Will work with others Windows Tool Integration .

1. When changes are committed in the local branch , Please put S Logo added to git commit command ：

   $ git commit -S -m your commit message

2. If you use GPG, After creating the submission , Provide you Generate GPG secret key The password set when .

3. After the creation submission is completed locally , Push it to GitHub Remote warehouse on ：git push

4. See more details about verified signatures , Please click on the Verified（ Verified ）.