Jazzy Coding

The Art of Structured Improvisation. By Carsten Nielsen

Tag Archives: gpg

Signing git commits with your GPG key

With the release of Git v1.7.9 it’s possible to sign your commits now.
To activate this on your machine, you have to configure git:

1. Get your key-id in the terminal:

$> gpg --list-keys

pub   1024D/123ABC89 2011-09-27
uid                  Carsten Nielsen

Locate your relevant key and copy the ID to git:

$> git config --global user.signingkey 123ABC89

Now you are able to sign your commits by using the option -S

$> git commit -S

If you want to check the origin of a commit you can now show the signing by:

$> git log --show-signature

commit 01b817f3e3bfe1fb1143a172539162bf6bf7aca5
gpg: Signature made 2012-02-09T11:30:57 CET using RSA key ID 123ABC89
gpg: Good signature from "Carsten Nielsen "
Author: Carsten Nielsen 
Date:   Thu Feb 9 11:30:48 2012 +0100

    Lets sign something

With this we should be able to create an infrastructure on the repo- or deploy-server to check and ensure the origin of the commits.
But this is another story for another time…