

TL;DR: If you don't care for the details, and just need to get commit signing set up quickly, skip to How to Sign Commits.

If the Git hosting you are using supports verification of GPG signing, upload the public part of your key there.

Git has a feature to "sign" commits, but what is signing, and what are the benefits?

The state of the GPG signature will be displayed in the Commit details pane on the Log tab. Now every commit you make will be signed with the selected key. In the dialog that opens, click Sign commits with GPG key and select the key you want to use from the list. In the Settings/Preferences dialog (Ctrl+Alt+S), go to Version Control | Git, and click the Configure GPG Key button. Start IntelliJ IDEA (or restart it to make sure it loads the changes you've made to your environment).

Make sure the keys have been imported by running the following command: gpg --list-keys

Make sure you enter it in the dialog that should pop up rather than entering it on the command line, as it is important that the GUI is used for such prompts. Specify the GitHub noreply email address if you plan to use the signature along with the email address privacy features.

Enter a secure passphrase. It is recommended to use the same username and e-mail address that is shown as the author of your commits.

Key validity period: 1 year (it's a good practice to rotate the key once a year)

Enter your user ID information. Open Terminal / Command Prompt / GitBash / any other shell you have on your system and run the following command: gpg --full-generate-key (for gpg 2.1.17 and below, use the gpg --gen-key command).

Answer the questions that the tool will return. If there are no keys yet, you need to generate a new pair.

Open Terminal / Command Prompt / GitBash / any other shell you have on your system and run the following command: gpg --import

If you already have GPG keys, you need to import them to the respective GPG keyring. See YubiKey-Guide for instructions on how to set up a YubiKey.
The most secure way is to use smartcards, for example, a YubiKey, to store the private part of your keys. Make sure that the pinentry shows a GUI prompt using the echo GETPIN | pinentry command.

Pinentry:Passphrase Entry:/usr/bin/pinentry
Scdaemon:Smartcards:/usr/lib/gnupg/scdaemon
Gpg-agent:Private Keys:/usr/bin/gpg-agent
