If you have any errors when generating a key regarding gpg-agent, try the following command to see what error it generates:

gpg-agent --daemon

If you were following an earlier version of this gist that said you did not need to specify a pinentry program, you will need to re-do the second part of Step 2.

This is caused by a missing configuration to specify the pinentry program. Review Step 2 and complete the second part again.

This is caused by an incorrectly configured pinentry program.

Step 19: Submitting Your Key to a Public Keyserver (very optional)

Before you jump on submitting your key to a service such as the MIT PGP Key Server, you should consider the following:

You cannot delete your key once submitted.
Spammers have been known to harvest email addresses from these servers.
If you're only signing your Git commits to Github this isn't necessary.

Log in and go to your settings, SSH and GPG Keys, and add your GPG key from the page.

Step 18: Submit your PGP key to Github to verify your Commits

You can enter it into the dialog box, with the option of saving the password to the macOS X Keychain.

You will now be prompted by Pinentry for the password for your signing key.

Step 16: Perform a Commit

git commit -S -s -m "My Signed Commit"

This tells Git to sign all commits using the key you specified in step 13.

Step 15: Configure Git to sign all commits (Optional; you can configure this per repository too)

The below command needs the fingerprint from step 10 above:

git config --global user.signingkey 1111111

Step 14: Configure Git to use your signing key

Step 13: Configure Git to use gpg

git config --global gpg.program $(which gpg)

Documentation on how to do that is here

# The export command below gives you the key you add to GitHub

The output from below is what you copy to Github.

In the output from step 10, the line below the row that says 'pub' shows a fingerprint; this is what you use in the placeholder.
*You need to copy the output from your terminal similar to the example above where the # is following the slash.

Use the next command to generate a short form of the key fingerprint.

Copy the text after the rsa4096/ and before the date generated and use the copied id in step 13:

gpg -K --keyid-format SHORT

You need a Passphrase to protect your secret key.

You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o

Please specify how long the key should be valid.

If you want to follow best practices, you will want to look into generating a Primary key and then Subkeys and the secure handling involved with that.

There are a number of arguments on the topic of expiration dates with GPG keys. For brevity, and to keep this explanation simple, we're not using Subkeys in this example and are showing a non-expiring key.

Once you have entered your options, pinentry will prompt you for a password for the new PGP key.

Run the following command to generate your key. Note that we have to use the --expert flag so as to generate a 4096-bit key.

To avoid issues, run the below command to ensure a freshly configured gpg-agent is launched.

You will need to modify the permissions to 700 to secure this directory.

Step 6: Update the Permissions on your ~/.gnupg Directory

# if using bash through homebrew over ssh use

Step 5: Restart your Terminal or source your ~/.*rc file

# on the built-in bash on macos use

# This tells gpg to use the gpg-agent

Append the following to your ~/.bash_profile or ~/.bashrc or ~/.zshrc.

Step 3: Update or Create ~/.gnupg/gpg.conf

# Tells GPG which pinentry program to use
echo "pinentry-program $(brew --prefix)/bin/pinentry-mac" > ~/.gnupg/gpg-agent.conf

EDIT: June 2022 - Fixes single quotes to allow expansion of the subshell

# Make the directory

If this directory does not exist, create it.
sudo installer -pkg GPGTools.

We use the Homebrew package manager for this step.

# Now begin the installer as root, with a target of "/"

# NOTE: the last line of the output describes where the image was mounted.

# Mount the DMG image so we can access its contents

This is hardly a gpg-specific question; it should be asked in an OSX systems support section. However, I will answer the best I can, but specific only to installing GPGTools for OSX (the process for installing other dmg/pkg's on OSX might differ).