Signing Git Commits with GPG

A while ago GitHub added support for verifying GPG signatures on Git commits, which can prevent other people from making commits under your email address.

GPG

Installing GPG

Download: https://www.gnupg.org/download/

On Mac there are two options, Mac GPG and GnuPG for OS X. I tried both and found Mac GPG somewhat easier: during installation it guides you through creating a GPG key and storing it in the GPG keychain, and it remembers the passphrase when committing with Git, so you do not have to enter the passphrase on every commit.

Generating a GPG key

If a GPG key was already generated by the installer's guided setup, this step can be skipped.

Besides the key created during installation, you can also generate a GPG key manually:

$ gpg --gen-key
gpg (GnuPG/MacGPG2) 2.0.28; Copyright (C) 2015 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
Your selection?
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048)
Requested keysize is 2048 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0) 1y
Key expires at 日  6/11 22:33:50 2017 CST
Is this correct? (y/N) y

GnuPG needs to construct a user ID to identify your key.

Real name: xxx
Email address: xxx@yyy.com
Comment:
You selected this USER-ID:
    "xxx <xxx@yyy.com>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit?
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
You need a Passphrase to protect your secret key.

We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: key B5DB6617 marked as ultimately trusted
public and secret key created and signed.

gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0  valid:   3  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 3u
gpg: next trustdb check due at 2017-06-11
pub   2048R/B5DB6617 2016-06-11 [expires: 2017-06-11]
      Key fingerprint = 3AE5 19D5 8A58 C59B B029  6CEA 8566 6A47 B5DB 6617
uid       [ultimate] xxx <xxx@yyy.com>
sub   2048R/1F4A9B85 2016-06-11 [expires: 2017-06-11]

Configuring Git

Once the GPG key is in place, you can configure Git so that every commit in a given repository is signed with the GPG key:

$ git config commit.gpgsign true

You can also turn on GPG signing for all repositories on the machine:

$ git config --global commit.gpgsign true

Signing Git commits

If GPG signing has not been enabled by default for the repository or globally, you can pass the -S flag when committing to request a GPG signature:

$ git commit -S -m "comment"

If the identity used for the commit does not match the GPG key, GPG verification fails and the commit is rejected:

$ git ci -m "test"
gpg: skipped "ZZZ <xxx@yyy.com>": No secret key
gpg: signing failed: No secret key
error: gpg failed to sign the data
fatal: failed to write commit object

When everything is set up correctly, you are prompted for the passphrase to unlock the PGP secret key; at this point you can choose to save it in the Mac OS X Keychain so you are not asked for the passphrase on every commit.

$ git add .
$ git ci -m "test"

You need a passphrase to unlock the secret key for
user: "xxx <xxx@yyy.com>"
4096-bit RSA key, ID C0B176D7, created 2016-06-11

[master (root-commit) 163d909] test
 1 file changed, 3 insertions(+)
 create mode 100644 README.md

Adding the GPG key to GitHub

At this point, commits pushed to a GitHub repository still show as unverified in the commit history. List the key and export its public part:

$ gpg --list-secret-keys
/Users/xxx/.gnupg/secring.gpg
-------------------------------
sec   4096R/C0B176D7 2016-06-11 [expires: 2020-06-11]
uid                  xxx <xxx@yyy.com>
ssb   4096R/E00F263F 2016-06-11

$ gpg --armor --export C0B176D7
-----BEGIN PGP PUBLIC KEY BLOCK-----
Comment: GPGTools - https://gpgtools.org

****************************************************************
****************************************************************
****************************************************************
************************************************
*****
-----END PGP PUBLIC KEY BLOCK-----

Add the GPG public key exported above under SSH and GPG keys in your GitHub settings, and the commits will be shown as verified.
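The whole procedure above, run end to end in throwaway directories, as an added example that is not code from the original post. It assumes GnuPG 2.1 or later (gpg and gpg-agent) and git on PATH; the interactive gpg --gen-key dialogue is replaced by the non-interactive --quick-generate-key, the identity "Alice Example <alice@example.com>" is constructed for the example, and the key is created without a passphrase so no Keychain or pinentry is involved. Beyond what the post shows, it verifies the signature locally with git's %G? and %GK placeholders, checks the condition GitHub applies before showing "Verified" (a user id on the signing key must carry the commit author's email), and reproduces the "No secret key" failure.

```shell
#!/bin/sh
# Added example, not code from the original post: generate a key, configure
# git, make a signed commit, verify it, check the GitHub condition, export the
# public key. Assumes GnuPG 2.1+ (gpg, gpg-agent) and git on PATH. Nothing
# touches the real ~/.gnupg or ~/.gitconfig. The identity is constructed.
set -eu

for tool in gpg git awk; do
  command -v "$tool" >/dev/null 2>&1 || { echo "example needs $tool" >&2; exit 0; }
done

WORK=$(mktemp -d)
export GNUPGHOME="$WORK/gnupg"           # isolated keyring, not ~/.gnupg
export HOME="$WORK/home"                 # isolated ~/.gitconfig
export GIT_CONFIG_NOSYSTEM=1
mkdir -p "$GNUPGHOME" "$HOME" && chmod 700 "$GNUPGHOME"
trap 'gpgconf --kill gpg-agent >/dev/null 2>&1 || true; rm -rf "$WORK"' EXIT

SIGNER_NAME="Alice Example"              # constructed identity
SIGNER_EMAIL="alice@example.com"

# Step 1: the `gpg --gen-key` dialogue from the post, answered in batch mode
# (RSA 2048, sign only, valid one year, empty passphrase). Prints the long key
# id, which is the 5th colon-separated field of the `sec` record.
gen_key() {
  if ! gpg --batch --quiet --list-secret-keys "$SIGNER_EMAIL" >/dev/null 2>&1; then
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-generate-key "$SIGNER_NAME <$SIGNER_EMAIL>" rsa2048 sign 1y >/dev/null
  fi
  gpg --batch --with-colons --list-secret-keys "$SIGNER_EMAIL" \
    | awk -F: '$1 == "sec" { print $5; exit }'
}

# Step 2: the git configuration from the post (commit.gpgsign), plus
# user.signingkey so git names the key explicitly instead of asking gpg for
# whichever secret key matches "Name <email>".
setup_repo() {
  repo=$(mktemp -d "$WORK/repo.XXXXXX")
  git init -q "$repo"
  git -C "$repo" config user.name "$SIGNER_NAME"
  git -C "$repo" config user.email "$SIGNER_EMAIL"
  git -C "$repo" config user.signingkey "$1"
  git -C "$repo" config commit.gpgsign true
  echo "$repo"
}

# Step 3: an ordinary commit; commit.gpgsign makes git run `gpg -bsau <key>`.
sign_commit() {
  echo "hello" > "$1/README.md"
  git -C "$1" add README.md
  git -C "$1" commit -q -m "signed commit"
}

# Step 4: local verification. %G? is G (good, trusted key), U (good, untrusted
# key), B (bad), E (could not be checked) or N (no signature); %GK is the key id.
sig_status() { git -C "$1" log -1 --format='%G?'; }
sig_key()    { git -C "$1" log -1 --format='%GK'; }

# Step 5: what GitHub checks before showing "Verified": the key that made the
# signature must carry a user id whose email equals the commit author email.
key_email_matches() {
  author=$(git -C "$1" log -1 --format='%ae')
  gpg --batch --with-colons --list-keys "$(sig_key "$1")" \
    | awk -F: -v want="$author" \
        '$1 == "uid" && index($10, "<" want ">") { ok = 1 } END { exit !ok }'
}

# The failure mode the post shows ("No secret key"): without user.signingkey,
# git asks gpg to sign as "Name <email>"; an email with no secret key makes gpg
# refuse, so no commit object is written. Returns 0 when the commit is refused.
commit_without_key_fails() {
  git -C "$1" config --unset user.signingkey
  git -C "$1" config user.email "nobody@example.net"
  echo "more" >> "$1/README.md"
  if git -C "$1" commit -q -a -m "unsigned attempt" 2>/dev/null; then
    return 1
  fi
  git -C "$1" config user.email "$SIGNER_EMAIL"
}

# Step 6: the armored public key to paste into GitHub's "SSH and GPG keys" page.
export_pubkey() { gpg --batch --armor --export "$1"; }

main() {
  keyid=$(gen_key)
  repo=$(setup_repo "$keyid")
  sign_commit "$repo"
  echo "signature: $(sig_status "$repo") key: $(sig_key "$repo")"
  key_email_matches "$repo" && echo "key uid matches author email (GitHub: Verified)"
  export_pubkey "$keyid" | head -n 2
}
main
```

Because the key is created with an empty passphrase under a private GNUPGHOME, the script never reaches pinentry; on a real workstation you would keep the passphrase and let the Mac GPG Keychain integration described above cache it.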

Tags: Git, GPG

Published on 2016-06-11