Signing and Verifying Git Commit
Detailed Steps
Create gpg key using either gpg tool or keybase
keybase pgp gen
Make sure your name & email address created using gpg, name & email address in ~/.gitconfig
user part, primary email in the github are all matched.
Copy the public key to github.
Run this command to get public key
keybase pgp export
Open GPG keys / Add new in Github, then put the public key in the textarea, and click “Add GPG Key”
Configure ~/.gitconfig
Run this command to get “PGP Fingerprint”
keybase pgp list
Run this command to set signing key, make sure this user matched the git user mentioned above.
git config --global user.signingkey $gpg_fingerprint
$pgp_fingerprint
is the PGP Fingerprint got using previous command.
Sign Commit
export GPG_TTY=$(tty)
git commit -S -m "Commit Message"
Reference
https://stackoverflow.com/questions/39494631/gpg-failed-to-sign-the-data-fatal-failed-to-write-commit-object-git-2-10-0 https://github.com/pstadler/keybase-gpg-github https://docs.github.com/en/authentication/managing-commit-signature-verification/signing-commits https://gist.github.com/mort3za/ad545d47dd2b54970c102fe39912f305