Signing and Verifying Git Commit

Detailed Steps

Create gpg key using either gpg tool or keybase

keybase pgp gen

Make sure your name & email address created using gpg, name & email address in ~/.gitconfig user part, primary email in the github are all matched.

Copy the public key to github.

Run this command to get public key

keybase pgp export

Open GPG keys / Add new in Github, then put the public key in the textarea, and click “Add GPG Key”

Configure ~/.gitconfig

Run this command to get “PGP Fingerprint”

keybase pgp list

Run this command to set signing key, make sure this user matched the git user mentioned above.

git config --global user.signingkey $gpg_fingerprint

$pgp_fingerprint is the PGP Fingerprint got using previous command.

Sign Commit

export GPG_TTY=$(tty)
git commit -S -m "Commit Message"