@jcmendez
Forked from webframp/keybase.md
Last active December 24, 2021 20:14
Signing git commits on GitHub using a keybase.io gpg key

Probably one of the easiest things you'll ever do with gpg

Install Keybase (https://keybase.io/download) and ensure the keybase CLI is in your PATH.

First get the public key

keybase pgp export | gpg --import

Next get the private key

keybase pgp export --secret | gpg --allow-secret-key-import --import --batch

Verify progress:

gpg --list-secret-keys

Look for something like:

sec   rsa4096 2020-12-13 [SC] [expires: 2036-12-09]
      949C136CBCEC9E530C4C0096B114505B3A2A9CA0
uid           [ unknown] Juan C. Mendez <[email protected]>
uid           [ unknown] Juan C. Mendez <[email protected]>
uid           [ unknown] Juan C. Mendez <[email protected]>
uid           [ unknown] Juan C. Mendez <[email protected]>
uid           [ unknown] Juan C. Mendez <[email protected]>
ssb   rsa4096 2020-12-13 [E] [expires: 2036-12-09]

The email address should match your GitHub email.

The 949C136ABCEC9E530C4C0096B114505B3A2A9CA0 string (the key fingerprint) is what you need next; substitute your own key's fingerprint in the commands below. By default this key is untrusted, so we'll fix that. To edit trust:

$ gpg --edit-key 949C136ABCEC9E530C4C0096B114505B3A2A9CA0
gpg> trust
Please decide how far you trust this user to correctly verify other users' keys
(by looking at passports, checking fingerprints from different sources, etc.)

  1 = I don't know or won't say
  2 = I do NOT trust
  3 = I trust marginally
  4 = I trust fully
  5 = I trust ultimately
  m = back to the main menu

Your decision? 5
Do you really want to set this key to ultimate trust? (y/N) y

There are several trust levels, so choose what you're comfortable with. Ultimate trust (5) is meant for keys you own, which is the case for your own Keybase key.

$ git config --global user.signingkey 949C136ABCEC9E530C4C0096B114505B3A2A9CA0
$ git config --global commit.gpgsign true

Now add it to your GitHub profile:

gpg --armor --export 949C136ABCEC9E530C4C0096B114505B3A2A9CA0 | pbcopy

Add it to your GitHub profile under Settings/SSH and GPG keys. Replace pbcopy with clip or xclip for your current platform.

Use gpg-agent if you don't want to enter the passphrase every time.

View signed commits with: git log --show-signature -1
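
The steps above depend on reading the right fingerprint off the key listing and on a user ID that matches your GitHub email. As an added example (not part of the original gist), this shell function makes that selection from gpg's machine-readable --with-colons output and skips keys that cannot sign and user IDs that are revoked or expired. The function names, the sample listing and its fingerprints are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the gist): choose the fingerprint to give
# `git config user.signingkey` from `gpg --list-secret-keys --with-colons`.

# signing_fpr_for_email EMAIL   (colon listing on stdin)
# Prints the primary fingerprint of the first secret key that is usable for
# signing (capital S in field 12) and has a non-revoked, non-expired user ID
# containing <EMAIL>. Returns 1 when no key qualifies. Match is case-sensitive.
signing_fpr_for_email() {
    awk -F: -v want="<$1>" '
        $1 == "sec" { can_sign = ($12 ~ /S/); fpr = ""; next }
        # Only the first fpr record after sec is the primary fingerprint;
        # later fpr records belong to subkeys.
        $1 == "fpr" && fpr == "" { fpr = $10; next }
        $1 == "uid" && can_sign && $2 != "r" && $2 != "e" && index($10, want) {
            print fpr; found = 1; exit
        }
        END { exit !found }
    '
}

# Constructed sample listing (fake fingerprints, trailing fields trimmed).
sample_listing() {
    cat <<'EOF'
sec:u:4096:1:0000000000000000:1607817600:2081030400::u:::cEC:
fpr:::::::::0000000000000000000000000000000000000000:
uid:u::::1607817600::A1::Alice Example <alice@example.org>:
ssb:u:4096:1:0000000000000001:1607817600:2081030400:::::e:
fpr:::::::::0000000000000000000000000000000000000001:
sec:u:4096:1:1111111111111111:1607817600:2081030400::u:::scESC:
fpr:::::::::1111111111111111111111111111111111111111:
uid:u::::1607817600::B1::Alice Example <alice@example.org>:
uid:r::::1607817600::B2::Alice Example <alice@old.example>:
ssb:u:4096:1:1111111111111112:1607817600:2081030400:::::e:
fpr:::::::::1111111111111111111111111111111111111112:
EOF
}

# Real use (needs gpg and git, so it is left as a comment):
#   gpg --list-secret-keys --with-colons |
#       signing_fpr_for_email "$(git config user.email)"
```

If the function returns 1 for your git user.email, commits signed with that key will not show as verified for that address until a matching user ID is added to the key.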
