💡 Creating GPG keys for GitHub
Now that we have GPG software installed and available, we need to generate our GPG keys.
gpg --full-generate-key
Once run, you will be asked a series of questions. The first one asks what kind of key to create. Choose the default option (1).
gpg (GnuPG) 2.2.19; Copyright (C) 2019 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Please select what kind of key you want:
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
(14) Existing key from card
Your selection? 1
The next question is about the key size. While GPG offers multiple options, GitHub requires a minimum of 4096 bits.
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 4096
Requested keysize is 4096 bits
Next, choose how long the key will be valid. In my case, I wanted it never to expire.
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0) 0
Key does not expire at all
Is this correct? (y/N) y
After confirming that everything above is correct, we now need to set up our identity.
GnuPG needs to construct a user ID to identify your key.
Real name: Przemyslaw Klys
Email address:
Before you type in your email address, you need to know that the choice of email address is essential.
It has to be a real email address that you have verified with GitHub. If you don't want to share it, you can use the NoReply email address that GitHub provides when you enable the "Keep my email addresses private" option. To quickly jump to the email address section, simply use this link.
GnuPG needs to construct a user ID to identify your key.
Real name: Przemyslaw Klys
Email address: private.email@evotec.pl
Comment:
You selected this USER-ID:
"Przemyslaw Klys <private.email@evotec.pl>"
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
Once you confirm your choice, you will have to choose a password for your GPG keys. Make sure it's long enough and saved in a safe place.
After you've done it, you will get information about your public and secret keys generated and stored on your drive.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: C:/Users/przemyslaw.klys/AppData/Roaming/gnupg/trustdb.gpg: trustdb created
gpg: key 777SSD77955SD marked as ultimately trusted
gpg: directory 'C:/Users/przemyslaw.klys/AppData/Roaming/gnupg/openpgp-revocs.d' created
gpg: revocation certificate stored as 'C:/Users/przemyslaw.klys/AppData/Roaming/gnupg/openpgp-revocs.d\588DFSDFD66824590285235SSD.rev'
public and secret key created and signed.
pub rsa4096 2020-05-07 [SC]
588DFSDFD66824590285235SSD
uid Przemyslaw Klys
sub rsa4096 2020-05-07 [E]
Let's quickly check that everything was generated properly:
gpg --list-secret-keys --keyid-format LONG
gpg: checking the trustdb
gpg: marginals needed: 3 completes needed: 1 trust model: pgp
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
C:/Users/przemyslaw.klys/AppData/Roaming/gnupg/pubring.kbx
----------------------------------------------------------
sec rsa4096/B8EEAEC08238FF53 2020-05-07 [SC]
588DFSDFD66824590285235SSD
uid [ultimate] Przemyslaw Klys
ssb rsa4096/68EC3119AD3D55A4 2020-05-07 [E]
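A scripted version of the check above, as an added example that is not part of the original post: it reads `gpg --list-secret-keys --with-colons` output and prints a fingerprint only when the key is RSA with at least 4096 bits, can sign, and carries the email address you verified with GitHub. The function names, the sample listing and `dev@example.com` are constructed for illustration; it assumes a POSIX shell with awk (for example Git Bash on Windows).

```shell
#!/bin/sh
# Added example. Reads `gpg --list-secret-keys --with-colons` on stdin and
# prints the fingerprint of the first secret key that passes every check.
find_signing_key() {   # $1 = email that must appear in a user ID of the key
    awk -F: -v email="$1" '
        function emit() {
            if (fpr != "" && ok_algo && ok_sign && ok_uid && !found) {
                print fpr; found = 1
            }
        }
        $1 == "sec" {                       # a new primary key starts here
            emit()
            fpr = ""; ok_uid = 0; primary = 1
            ok_algo = ($4 == 1 && $3 >= 4096)    # RSA with at least 4096 bits
            # field 2: r = revoked, e = expired; field 12: s = primary can sign
            ok_sign = ($2 != "r" && $2 != "e" && $12 ~ /s/)
        }
        $1 == "ssb" { primary = 0 }         # later fpr lines belong to subkeys
        $1 == "fpr" && primary && fpr == "" { fpr = $10 }
        $1 == "uid" && $2 != "r" && $2 != "e" && index($10, "<" email ">") {
            ok_uid = 1
        }
        END { emit(); exit (found ? 0 : 1) }
    '
}

# Constructed listing: an old 2048-bit key and a 4096-bit key, same email.
sample_listing() {
    cat <<'EOF'
sec:u:2048:1:1111111111111111:1500000000:::u:::scESC:::+:::23::0:
fpr:::::::::0000999988887777666655554444333322221111:
uid:u::::1500000000::0000::Old Key <dev@example.com>::::::::::0:
ssb:u:2048:1:2222222222222222:1500000000::::::e:::+:::23:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF0000111122223333:
sec:u:4096:1:3333333333333333:1588809600:::u:::scESC:::+:::23::0:
fpr:::::::::1111222233334444555566667777888899990000:
uid:u::::1588809600::0000::New Key <dev@example.com>::::::::::0:
ssb:u:4096:1:4444444444444444:1588809600::::::e:::+:::23:
fpr:::::::::3333222211110000FFFFEEEEDDDDCCCCBBBBAAAA:
EOF
}

# Demo on the constructed data. Against a real keyring:
#   gpg --list-secret-keys --with-colons | find_signing_key you@example.com
sample_listing | find_signing_key dev@example.com
```

A non-zero exit status means no key on the keyring meets all three conditions, which is worth catching before the public key is uploaded and `commit.gpgsign` is switched on.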
In the next step, we need to export our public GPG key and add it to GitHub. The command below displays the public key in the console so that we can copy it to GitHub.
gpg --armor --export 588DFSDFD66824590285235SSD
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBF60ewsBEACbaZJx5H42fNeo7Udnl2saihnYqrp+NTuiDMQX5GkkdhMOugr7
ZRcuUrf0ouvfp/47PqUGCLoLA4VRyiGqzwIJMKfqkcfH0gzcVzowQZVutzaLlv5z
-----END PGP PUBLIC KEY BLOCK-----
Keep in mind that you need to paste the full key, including the BEGIN and END lines.
Now we need to configure Git. Note that your installation path may be different, and that I'm setting these as global values since I want to use them in every project.
git config --global user.signingkey 588DFSDFD66824590285235SSD
git config --global commit.gpgsign true
git config --global gpg.program "C:\Program Files (x86)\GnuPG\bin\gpg.exe"