📍Git Commits

Add tamper resistance to repository by signing git commits.

TL;DR

Run these commands if you already have a GPG Key Pair.

# Find your key ID
gpg --list-secret-keys --keyid-format=long

Run the following for your preferred shell:

Z Shell

[ -f ~/.zshrc ] && echo 'export GPG_TTY=$(tty)' >> $HOME/.zshrc
echo "alias sign='git commit -s -m'" >> $HOME/.zshrc

Bash

[ -f ~/.bashrc ] && echo 'export GPG_TTY=$(tty)' >> ~/.bashrc
echo "alias sign='git commit -s -m'" >> $HOME/.bashrc

Installation Details

Create Your GPG Key Pair

If you have no GPG key, you will need to create one.

Export the Public Key

You'll need to tell GitHub about your credentials which means giving them your public key. To retrieve your key, execute:

gpg --list-secret-keys --keyid-format=long

Now print the public key from the previous step to the terminal.

gpg --armor --export ACADE3679FCE5492

Your key will print to the terminal. Copy everything, including -----BEGIN PGP PUBLIC KEY BLOCK----- and -----END PGP PUBLIC KEY BLOCK-----

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v2.0.22 (GNU/Linux)

mQMuBGKgXt0RCACiF0C5N0FuKodOg+5c6wCcWPmJlvJCU3i4qlT9+nMuQ1aoZnP6
ajGXy6GCbVkWVcBicmoO/zmiIhJTkofqNjDm97A0xSldknAWBGBoxPMDEnzeAUUf
NDbUgf59xhFdEqey+KesjkTAD3iHNmPIB8+Paz7Z+uZUL/Ej0Gn/r/aPNLaw2yYK
p4FvjNEf78RuwyN16qP+sbwIRHmyga2ngikm2eXIGdJWVbYEqyZy3p0xcorHryAV
htbw7qQzNFYhMf7IGfSfvw1olvbN89BI00LScpv6icBTLzGaN0Vx5MDSM+TBJagz
jOMIAn+MXTAy2517YgR5UgWp1JnHpIuPoHWLAQDed2Ayrx9ZWgYAn8gwiRvnvQ4f
PY4BUcKMtsVC1DTYOwf7BhADuCOJ6n2OOIGcJzDLplaytsBYxDryTnKRi5vBNFl/
AiV4gudNnt4YSut2EyEAxMPPp/cYf2zRfzhdJ9bspyKzphOgAUsumkK5qCzQA5Zp
htsCCEn3DyEyOW1URtYplhqNloWD2J2bLzYBp+ObGfghylpDmXp3Dta6RpIaE0B8
2aQwjDsc3XmdvqXb5ws9IQoSuy/vMMjqlBKAvCGQjnidZ11jOAG+TZ7xGw3B28hX
zeT6JgvpPpGknD+RtRYDeMj+Q9clt7hudKW7RMPeOuob7msRMef8e0nL3rz7VH6H
rHtW0NIoYy26E0Eciep4lCh752Sss8Iiyico5oPypQf8CuPukAceDdj6IIg0Sa3y
cLsfBrw7YrN7K1h26FVFP3vkYq1JSDl+Kg1pSv3DCLlkDZRxDwvAdbliAlbyF1cu
FD6utxE2U9lGWZfp+RfYaofAdB/0lme3ZEWbwbmwtvjtsZYcarvrHG+iLamPNKi8
u5h7wgiwRMHyZhAH4lx0GQXQfEEJ2yUZ/jjBEXtC+PTlCa/qnpBxiI0427obx2jj
vOCNzi1Si2mDnyPy7qr3D9ixdPCTBAGR4I2paMgWoQDMy1RONzTrTcHl5POV4rw9
FYkn57ld1OA+YCI6Mu9G+PNLY700cLii8wv0iMgcJxxQfooWEOvo8cd9Dvmy7fIM
xbRES2VubmV0aCBTaHVsdHogKEdhZGdldCBFbmdpbmVlcmluZyBEaXJlY3Rvcikg
PGtzaHVsdHpAcGVybWl0emlwLmNvbT6IewQTEQgAIwUCYqBe3QIbAwcLCQgHAwIB
BhUIAgkKCwQWAgMBAh4BAheAAAoJEKyt42efzlSSQAcA/j2FNXb5APYa1tnpnG9P
+AEKiTcKfPA5BvMalS3f7ZrTAP4iSfnBuUvO8PlKooHSi1lOYn5oaiZSUW+6ityo
XI5+XbkCDQRioF7dEAgAiW5xVJG6nBoAc/ixWSQWWRcdJP/OpfnNXiGOjoAETnv0
xT5/6s5PN31AAm61lXUFAVxjLr3DFOAk6ASOVORX6JTAMS1OwFQzJuMg/61/md0Y
xQ9oAHnzkDqZMj6A5vjhH3+nzayV/Sz8MRPFxa/F+Oa6ucYW2MjUWEMqcrXGCQKL
mtekgNru+ypNlHFn214y6Ba1hIM5Cuz9rfrRsvlZii1hW1B+VkZeVWzoILc3emWc
q0MrgL0MxIMu+O1ofECHZjOOFjylinhAeuOgvu5gXek+iPejrXkuiXj1PRJ8ywbG
N8tJUh8+HL9UMlpkv/CrBUl2CSW2hyU0/55TOJ0dEwADBQf7B1Gt1sa9Jh2NUb+K
nZbjkzPp+tDIw88Dh/A35xt5Tv1lRPzE89FnAYAoOGSd3hOe+4yYsJ7Lq8iyAHWI
ynv210TJNWrq30/l5SPBiRLp9dlg4k1euuNA6XwklYXGJXMJtmn3Fu0SzaeAcKR0
Mq4sSAGVVu8C3Rwvn9tRfGl/Yo9X76aHHJXGa9BxW8pI0PswXHxMHzH5GDZR37eU
6G3IAB44oKU5BYZAjk7NCeDTqinXJXPfK2KO6ME8QKFCFCYWeJnaXF7JassMGhVP
R7dk0ppgx8Inj90sBqWuobzaH6gi6L46aHR/MTASTcA5O6BNO8M5J6KXuMAKMYtE
TcHd54hhBBgRCAAJBQJioF7dAhsMAAoJEKyt42efzlSSEFgBAImUOxNfJUZDhLn3
He+WZE3uBNg+FpnLcQDXJl0zz35mAQDDmstvtvy2aOwKjzbD/SC2qjaKiiDbs7W2
G27bPWIzSw==
=z96n
-----END PGP PUBLIC KEY BLOCK-----

Add GPG Key to GitHub

GitHub needs to know your public credentials in order to verify each of your signed commits. Follow the steps shown here to add your key to GitHub.

Configure Shell Profile

Let's add two things to execute for each new shell session:

an alias that simplifies signing commits
add your GPG key to the shell environment

echo "alias sign='git commit -s -m'" >> $HOME/.zshrc
[ -f ~/.zshrc ] && echo 'export GPG_TTY=$(tty)' >> ~/.zshrc

Make sure to start a new shell session after you add these!

Configure Git Profile

Tell git you'll be signing commits. Navigate to an existing repository and execute:

git config --global commit.gpgsign true
git config --global user.signingkey YOUR-KEY-ID

Signing Commits

You're ready to start signing your work!

Here's what it looks like to sign a commit:

git commit -S -m "your commit message"
# Creates a signed commit
# You will be prompted for your password

Signing Shortcut Command

The alias we added to the shell profile offers a signing shortcut named sign.

Example: sign "your commit message"

PreviousTamper Resistance NextReference Materials

Last updated 1 year ago