5

Git 使用 GPG 签名验证

 2 years ago
source link: https://violarulan.github.io/blog/git-gpg-verify/
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
neoserver,ios ssh client

Programmer, Data Analyst and Gamer

Git 使用 GPG 签名验证

Nov 20, 2016
已阅读了 3 分钟

为了装逼可以在 Github 上面显示一个 Verified 的标签

下面是折腾步骤

生成 GPG Key

$ gpg --gen-key
gpg (GnuPG/MacGPG2) 2.0.28; Copyright (C) 2015 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Please select what kind of key you want:
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
# 选择 Key 种类,选择 1 或者 回车
Your selection? [ENTER]
RSA keys may be between 1024 and 4096 bits long.
# Key 长度
What keysize do you want? (2048) [ENTER]
Requested keysize is 2048 bits
Please specify how long the key should be valid.
0 = key does not expire
= key expires in n days
w = key expires in n weeks
m = key expires in n months
y = key expires in n years
# 过期时间
Key is valid for? (0) 0
Key expires at 日 6/11 22:33:50 2017 CST
# 检查正确
Is this correct? (y/N) y

GnuPG needs to construct a user ID to identify your key.

Real name: [姓名]
Email address: [邮箱]
Comment:
You selected this USER-ID:
"AAA "

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
You need a Passphrase to protect your secret key.
# 输入密码

# 接下来可以等一会儿,可以在后台进行一些操作加快速度
# 可以参考 http://stackoverflow.com/questions/12257653/gpg-not-enough-random-bytes-available-please-do-some-other-work-to-give-the-o 中的一些操作
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: key B5DB6617 marked as ultimately trusted
public and secret key created and signed.

gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 3 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 3u
gpg: next trustdb check due at 2017-06-11
pub 2048R/B5DB2387 xxxxxxxxx
# B5DB2387 这个一会儿还会要用到
Key fingerprint = XXXX XXXX XXXX ...
uid [ultimate] xxx 
sub 2048R/1F4A9B85 xxxxxxxxx

启用 GPG

进入一个仓库 输入 git config commit.gpgsign true 启用 GPG Sign

也可以加入 --global 全局生效 git config --globall commit.gpgsign true

配置 Sign key

git config --global user.signingkey B5DB2387 #就是刚才记住的 Pub

这样本地就算基本配置完成了,现在添加到 Github

gpg --armor --export B5DB2387

吐出一坨东西,全部复制

-----BEGIN PGP PUBLIC KEY BLOCK-----
Comment: GPGTools - https://gpgtools.org

****************************************************************
****************************************************************
****************************************************************
****************************************************************
-----END PGP PUBLIC KEY BLOCK-----

进入 https://github.com/settings/keys → New GPG Key

粘贴进去。

至此配置完成

在 commit 时

git commit -S -m "some description"

过程中可能需要生成密钥时的 passphrase。

回到文章列表


report

Recommend

About Joyk


Aggregate valuable and interesting links.
Joyk means Joy of geeK