Humberto A Sanchez IIIntroduction
Between this article and this article, I figured out how to sign my GitHub commits.
Essentially it showed me how to:
- Check the GPG installation
- Check the keys
- Configure a single repository to use a signing key
- Verify signed commits
- It pointed me here for instructions on how to add my GPG key to GitHub
In SmartGit you can configure signing by typing:
Smartgit —> Settings —>Git config
You will see the following dialog. Enter your information.
However, commits with SmartGit failed because pinentry (pin entry, get it !) was trying to popup a terminal based UI to ask me for the signing key passphrase.
Because I use homebrew it is rather confusing as to where to configure gpg, the gpg-agent, and pinentry. Lots of the docmentation is for Linux and to make matters worse I am on Mac OS.
Earlier documentation suggested I had to update gpg.conf to configure pinentry.
Finally found this article that correctly pointed to gpg-agent.conf
Actually it said:
~/.gnupg/gpg-agent.conf
But I deduced that the homebrew configuration files resided here:
/opt/homebrew/etc/gnupg
The file did not exist so I created it. Voila, on my next check-in SmartGit popped up the OS X pin entry dialog
My Cliff's notes on key generation
gpg --full-generate-key
List the key to get the signing key
gpg --list-secret-keys --keyid-format LONG
Export public to import into GitHub
gpg --armor --export [my key] > public.gpg
Verify signed commits
git log --show-signature
