How to: Signing commits with Git in macOS

Setting up auto signing of Git commits in macOS is easy. First up, install some stuff from Homebrew:

brew install gnupg pinentry-mac

Then generate your key by running gpg --gen-key and following the prompts.

To get your key, run

gpg --list-secret-keys --keyid-format LONG 

and you'll get something like this:

sec   rsa4096/472244687FB324F3 2017-08-05 [SC] [expires: 2020-08-05]
uid                 [ultimate] Nathan Hoad <[email protected]>
ssb   rsa4096/BB48946161D479D3 2017-08-05 [E] [expires: 2020-08-05]

The important bit is the 472244687FB324F3 next to the 'sec' and 'rsa4096/' (note - 'rsa4096' will be different if you created a different key type). Copy whatever your key is.

Run these (substituting with your key):

git config --global user.signingkey 472244687FB324F3
git config --global commit.gpgsign true

Open ~/.gnupg/gpg-agent.conf and enter this:

pinentry-program /usr/local/bin/pinentry-mac

Now, the first time you try to sign a commit it will ask you for your GPG passphrase. From there you can choose to save it in your keychain.

If you're using Visual Studio Code then you should be able to use the built in Git client like normal but now with signed commits.

Bonus points: Adding your GPG key to GitHub

Run this (substituting whatever your key was)

gpg --armor --export 472244687FB324F3 | pbcopy

This will copy your public key to the clipboard so that you can Add it to your GitHub account