How to: Signing commits with Git in macOS
Setting up auto signing of Git commits in macOS is easy. First up, install some stuff from Homebrew:
brew install gnupg pinentry-mac
Then generate your key by running gpg --gen-key
and following the prompts.
To get your key, run
gpg --list-secret-keys --keyid-format LONG
and you'll get something like this:
sec rsa4096/472244687FB324F3 2017-08-05 [SC] [expires: 2020-08-05]
uid [ultimate] Nathan Hoad <[email protected]>
ssb rsa4096/BB48946161D479D3 2017-08-05 [E] [expires: 2020-08-05]
The important bit is the 472244687FB324F3 next to the 'sec' and 'rsa4096/' (note - 'rsa4096' will be different if you created a different key type). Copy whatever your key is.
Run these (substituting with your key):
git config --global user.signingkey 472244687FB324F3
git config --global commit.gpgsign true
Open ~/.gnupg/gpg-agent.conf
and enter this:
pinentry-program /usr/local/bin/pinentry-mac
Now, the first time you try to sign a commit it will ask you for your GPG passphrase. From there you can choose to save it in your keychain.
If you're using Visual Studio Code then you should be able to use the built in Git client like normal but now with signed commits.
Bonus points: Adding your GPG key to GitHub
Run this (substituting whatever your key was)
gpg --armor --export 472244687FB324F3 | pbcopy
This will copy your public key to the clipboard so that you can Add it to your GitHub account