Skip to content
This repository has been archived by the owner on Jun 9, 2018. It is now read-only.

mikroskeem/signedcommits

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
README.md
README.md
 
 

Repository files navigation

Signed commits

I am signing my commits now! Yay!

Why?

"GPG keys are a way to sign and verify work from trusted collaborators.". (source)

And also that verified tag looks nice.

How?

Note: not exactly step-by-step tutorial, just a tiny summary.

See https://help.github.com/articles/signing-commits-with-gpg/

I personally set signing up with subkey. If you want to do exactly like I did, then:

  • Create new 4096bit RSA subkey
  • Save changes
  • Get key id by gpg --keyid-format long --list-keys
  • Optionally do your usual hackery to keep only subkey in your machine (quite many tutorials recommend you to keep gpg keys offline)
  • Put public key to your clipboard using gpg --armor --export <your email> | xsel -ib and paste it into GPG key box in GitHub.
  • Set your signing key and make git sign commits automatically using git config --global user.signingkey <key id> and git config --global commit.gpgsign true
  • Push new commits to your repos and enjoy verified tag

About

I sign commits now

Topics

github pizza gpg secure sign trust

Resources

Readme
Activity

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published