This is a documentation record for the steps to sign Git commits with GPG and the issues encountered.
To sign Git commits with GPG, you need to follow these steps:
- Generate a GPG key pair
- Add the GPG public key to your personal account settings
- Associate it with your local Git repository
- Sign Git commits
- Verify the signature
Generate GPG Key Pair
Install GPG using the brew package manager. Linux seems to come with it pre-installed, and Windows users are on their own.
brew install gpg
Run the following command to generate a GPG key pair (public/private keys):
gpg --full-gen-key
This interactive command will guide you through the key generation process. The general flow is as follows:
- Key type: Select the key type to use, or press Enter to choose the default.
- Elliptic curve: Press Enter to select the default elliptic curve Curve 25519.
- Expiration: Specify the key validity period as needed, or press Enter to choose the default of never expiring.
- Email address: use an email address that is registered in your GitHub account.
List the created GPG keys:
gpg --list-secret-keys --keyid-format LONG "your_email"
You’ll see something like this:
sec ed25519/4AEA00A342C24CA3 2021-09-14 [SC]
6DE3507E82DEB6E8828FAAC34AEA00A342C24BD4
uid [ultimate] your_name <your_email>
ssb cv25519/812B586FD245B560 2021-09-14 [E]
4AEA00A342C24CA3 is the key ID: the hex string after ed25519/ on the sec line. The 40-character line below it is the key's full fingerprint.
Export the public key for this ID:
gpg --armor --export 4AEA00A342C24CA3
Add it to your GitHub account settings.
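An added example (not part of the original record) that pulls the key ID and fingerprint out of a listing like the one above and checks that they agree before handing the ID to git config. It runs on a constructed listing, not a real key; GnuPG defines the long key ID as the last 16 hex digits of the fingerprint, so a mismatch means the ID was copied from the wrong line or the wrong key. The `--demo` flag and the helper names are this example's own.

```shell
#!/bin/sh
# Added example: extract the long key ID from `gpg --list-secret-keys --keyid-format LONG`
# output and check it against the fingerprint before passing it to git config.

# Constructed sample listing (not a real key; values chosen so that the check passes).
SAMPLE_LISTING='sec   ed25519/0123456789ABCDEF 2021-09-14 [SC]
      FEDCBA9876543210FEDCBA980123456789ABCDEF
uid           [ultimate] Example User <user@example.com>
ssb   cv25519/1122334455667788 2021-09-14 [E]'

# Read a listing on stdin and print the long key ID of the first "sec" line,
# i.e. the hex string after the slash in "ed25519/...".
keyid_from_listing() {
  awk '$1 == "sec" { split($2, parts, "/"); print parts[2]; exit }'
}

# Read a listing on stdin and print the 40-hex-digit fingerprint, which GnuPG
# prints on its own line directly below the "sec" line.
fingerprint_from_listing() {
  awk 'found && NF == 1 && length($1) == 40 { print $1; exit }
       $1 == "sec" { found = 1 }'
}

# Succeed only when the key ID is the last 16 hex digits of the fingerprint
# (that is how GnuPG derives the long key ID from the fingerprint).
keyid_matches_fingerprint() {
  keyid=$1
  fp=$2
  [ "${#keyid}" -eq 16 ] && [ "${#fp}" -eq 40 ] || return 1
  [ "$(printf '%s' "$fp" | cut -c 25-40)" = "$keyid" ]
}

# Demo on the constructed sample: prints the git config command to run.
# To use it for real, replace SAMPLE_LISTING with the output of the gpg command above.
if [ "${1:-}" = "--demo" ]; then
  keyid=$(printf '%s\n' "$SAMPLE_LISTING" | keyid_from_listing)
  fp=$(printf '%s\n' "$SAMPLE_LISTING" | fingerprint_from_listing)
  if keyid_matches_fingerprint "$keyid" "$fp"; then
    echo "git config --global user.signingkey $keyid"
  else
    echo "key ID $keyid does not match fingerprint $fp" >&2
    exit 1
  fi
fi
```

Run it with `sh keyid.sh --demo`. Once the key is configured and a signed commit exists, `git verify-commit HEAD` or `git log --show-signature -1` checks the signature locally with the same gpg installation.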
Association
Run the following command so Git knows which key to sign with (with --global this applies to all your repositories):
git config --global user.signingkey 4AEA00A342C24CA3
When committing from the command line, add the -S flag to sign the commit:
git commit -S -m "your commit message"
Or enable automatic signing:
git config --global commit.gpgsign true
VSCode GPG Signing
To enable GPG signing in VSCode, add the following configuration to your settings.json:
{
  "git.enableCommitSigning": true
}
Linux is 100% compatible and doesn’t need any special handling.
On Windows and macOS, gpg may fail to open the passphrase prompt (pinentry) when it is invoked from certain shells or from outside a shell, such as from VSCode.
Since I do less development on Windows, I haven’t solved this problem yet. I always commit through the shell.
Here’s how to handle it on macOS:
- Allow gpg to use gpg-agent
echo 'use-agent' >> ~/.gnupg/gpg.conf
- Install pinentry-mac, which is a GPG password input component for macOS.
brew install pinentry-mac
- Tell gpg-agent to use pinentry-mac for passphrase prompts
echo "pinentry-program $(which pinentry-mac)" >> ~/.gnupg/gpg-agent.conf
- Restart gpg-agent so it picks up the new configuration (killing it is enough; gpg starts a fresh agent on its next invocation)
killall gpg-agent
After this, the password input dialog will appear when committing in VSCode.
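An added helper (not from the original page) that performs the three macOS configuration steps above idempotently: the `echo ... >>` lines append a new entry every time they are re-run, so this helper only adds a line when it is absent, and it sets the GnuPG home directory to mode 700, which gpg requires. The `--apply` flag, the function names and the pinentry path used in the demo are this example's own assumptions; `gpgconf --kill gpg-agent` is GnuPG's supported way of stopping the agent and does the same job as the killall above.

```shell
#!/bin/sh
# Added example: idempotent version of the macOS gpg-agent/pinentry setup above.

# Append LINE to FILE only if an identical line is not already present, so the
# setup can be re-run without stacking duplicate entries. The parent directory is
# created with mode 700, since gpg refuses to use a world-readable ~/.gnupg.
ensure_line() {
  file=$1
  line=$2
  dir=$(dirname "$file")
  mkdir -p "$dir"
  chmod 700 "$dir"
  touch "$file"
  if ! grep -qxF -- "$line" "$file"; then
    printf '%s\n' "$line" >> "$file"
  fi
}

# Write the two settings from the page into the given GnuPG home directory:
# 'use-agent' in gpg.conf and the pinentry program in gpg-agent.conf.
configure_pinentry() {
  gnupghome=$1
  pinentry=$2
  ensure_line "$gnupghome/gpg.conf" "use-agent"
  ensure_line "$gnupghome/gpg-agent.conf" "pinentry-program $pinentry"
}

# Only touch the real ~/.gnupg when explicitly asked, then restart the agent so
# it reads the new configuration.
if [ "${1:-}" = "--apply" ]; then
  pinentry=$(command -v pinentry-mac) || {
    echo "pinentry-mac not installed (brew install pinentry-mac)" >&2
    exit 1
  }
  configure_pinentry "${GNUPGHOME:-$HOME/.gnupg}" "$pinentry"
  gpgconf --kill gpg-agent
fi
```

Run `sh setup-pinentry.sh --apply` on the Mac; running it a second time changes nothing, which is the point of the `ensure_line` check.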