Jazzy Coding

The Art of Structured Improvisation. By Carsten Nielsen

Signing git commits with your GPG key

3 Comments Posted by on February 9, 2012

With the release of Git v1.7.9 it’s possible to sign your commits now.
To activate this on your machine, you have to configure git:

1. Get your key-id in the terminal:

$> gpg --list-keys

...
pub   1024D/123ABC89 2011-09-27
uid                  Carsten Nielsen
...

Locate your relevant key and copy the ID to git:

$> git config --global user.signingkey 123ABC89

Now you are able to sign your commits by using the option -S

$> git commit -S

If you want to check the origin of a commit you can now show the signing by:

$> git log --show-signature

commit 01b817f3e3bfe1fb1143a172539162bf6bf7aca5
gpg: Signature made 2012-02-09T11:30:57 CET using RSA key ID 123ABC89
gpg: Good signature from "Carsten Nielsen "
Author: Carsten Nielsen 
Date:   Thu Feb 9 11:30:48 2012 +0100

    Lets sign something

With this we should be able to create an infrastructure on the repo- or deploy-server to check and ensure the origin of the commits.
But this is another story for another time…

Git, Tools , ,

3 responses to “Signing git commits with your GPG key

  1. http://www.tf-fnd.com.ar/member.php?7550-CharleyH6 August 19, 2013 at 06:12

    Howdy! Someone in my Myspace group shared this website with us so
    I came to check it out. I’m definitely loving the information. I’m book-marking and will be tweeting this to my followers!
    Wonderful blog and superb design.

  2. Pingback: B:datenbrei : Blog Archive : Bookmarks for August 23rd from 09:50 to 09:50

  3. Robin Sheat October 15, 2013 at 04:24

    I’ve just tried this and it seems to work fine, however the signature isn’t included with you do a git send-email or similar, making it substantially useless in workflows that use that.

Leave a comment