Signing and Verifying Git Commits

Detailed Steps

Create a GPG key using either the gpg tool or keybase

keybase pgp gen

Make sure the name and email address on the GPG key, the name and email address in the user section of ~/.gitconfig, and the primary email on GitHub all match.

Copy the public key to GitHub.

Run this command to get the public key

keybase pgp export

Open GPG keys / Add new in GitHub, then paste the public key into the textarea and click “Add GPG Key”

Configure ~/.gitconfig

Run this command to get the “PGP Fingerprint”

keybase pgp list

Run this command to set the signing key, and make sure the key's user matches the git user mentioned above.

git config --global user.signingkey $gpg_fingerprint

$gpg_fingerprint is the PGP Fingerprint obtained from the previous command.

Sign Commit

export GPG_TTY=$(tty)
git commit -S -m "Commit Message"
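
The email match that the steps above depend on can be checked locally before signing. The script below is an added example, not part of the original notes: uid_matches, check_signing_identity, the --check argument and the sample key listing are constructed for illustration, and it assumes the signing key is in the local gpg keyring. It does not cover the GitHub primary email, which still has to be compared by hand.

```shell
#!/bin/sh
# Added example: pre-flight check that git's user.email is a user ID on the signing key.

# Constructed listing in `gpg --list-secret-keys --with-colons` format (not a real key).
SAMPLE_KEYS='sec:u:4096:1:AAAABBBBCCCCDDDD:1600000000:::u:::scESC:
fpr:::::::::0123456789ABCDEF01234567AAAABBBBCCCCDDDD:
uid:u::::1600000000::CONSTRUCTEDHASH1::Example Dev <dev@example.com>:
uid:r::::1600000000::CONSTRUCTEDHASH2::Example Dev <old@example.com>:
ssb:u:4096:1:1111222233334444:1600000000::::::e:
fpr:::::::::FEDCBA9876543210FEDCBA981111222233334444:'

# uid_matches KEY EMAIL
# Reads a colon-format key listing on stdin. Succeeds only if the key whose
# primary fingerprint ends with KEY (full fingerprint or long key ID) carries a
# non-revoked, non-expired user ID containing <EMAIL> (compared case-insensitively).
uid_matches() {
  awk -F: -v key="$1" -v email="$2" '
    BEGIN { key = toupper(key); want = "<" tolower(email) ">"; n = length(key) }
    $1 == "sec" { primary = 1; in_key = 0 }   # a new key block starts
    $1 == "ssb" { primary = 0 }               # fpr records after this belong to subkeys
    $1 == "fpr" && primary {
      in_key = (n > 0 && substr($10, length($10) - n + 1) == key)
      primary = 0
    }
    $1 == "uid" && in_key && $2 !~ /^[re]/ && index(tolower($10), want) { found = 1 }
    END { exit !found }
  '
}

# check_signing_identity: run the check against the real git config and keyring.
check_signing_identity() {
  key=$(git config --get user.signingkey) || { echo "user.signingkey is not set" >&2; return 2; }
  email=$(git config --get user.email) || { echo "user.email is not set" >&2; return 2; }
  if gpg --list-secret-keys --with-colons | uid_matches "$key" "$email"; then
    echo "OK: $email is a user ID on key $key"
  else
    echo "MISMATCH: $email is not a valid user ID on key $key" >&2
    return 1
  fi
}

# Run the live check only when asked, e.g. `sh check.sh --check`.
if [ "${1:-}" = "--check" ]; then check_signing_identity; fi
```

A revoked or expired user ID is treated as a mismatch, and a subkey fingerprint is not accepted in place of the primary key's.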

Reference

https://stackoverflow.com/questions/39494631/gpg-failed-to-sign-the-data-fatal-failed-to-write-commit-object-git-2-10-0
https://github.com/pstadler/keybase-gpg-github
https://docs.github.com/en/authentication/managing-commit-signature-verification/signing-commits
https://gist.github.com/mort3za/ad545d47dd2b54970c102fe39912f305