Using GPG Keys on Mac to clone a private GitHub repository

Get yourself verified on GitHub using GPG keys (on Mac)

Requirements

Installation

    brew install gpg
    brew install gpg-agent
    brew install pinentry-mac
    brew install git

How to create a PGP key on macOS

  1. Open the Terminal app and type the following command to generate a PGP key:
      gpg --full-generate-key
  2. Select the kind of key you want:
      Please select what kind of key you want:
         (1) RSA and RSA
         (2) DSA and Elgamal
         (3) DSA (sign only)
         (4) RSA (sign only)
         (9) ECC (sign and encrypt) *default*
        (10) ECC (sign only)
        (14) Existing key from card
      Your selection?
  3. Select the key size (for an ECC key, gpg asks for the elliptic curve instead):
      Please select which elliptic curve you want:
         (1) Curve 25519 *default*
         (4) NIST P-384
         (6) Brainpool P-256
      Your selection?
  4. Enter the key expiration:
      Please specify how long the key should be valid.
               0 = key does not expire
            <n>  = key expires in n days
            <n>w = key expires in n weeks
            <n>m = key expires in n months
            <n>y = key expires in n years
  5. Confirm the key expiration:
      Key is valid for? (0)
  6. Enter your user ID information:
      Real name:
      Email address:
      Comment:

After creating the GPG key, you need to add it to your GitHub account

  1. Copy the public PGP key to your clipboard:
      # --export prints only the public key; pbcopy places it on the macOS clipboard
      gpg --armor --export <your_email> | pbcopy
  2. Open GitHub, go to your account settings and click on SSH and GPG keys.
  3. Click on New GPG key, enter any title, paste the PGP key you copied in the previous step, and click on Add GPG key.

How to configure Git to sign commits and tags

  1. Open the Terminal app and type the following command to configure Git to sign commits and tags:
      git config --global user.signingkey <your_key_id>
      git config --global commit.gpgsign true
      git config --global tag.gpgsign true
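
The `<your_key_id>` placeholder is the long ID of your secret key. As an added example (not part of the original post), this shell function picks that ID out of `gpg --list-secret-keys --with-colons` output and skips keys that are expired, revoked, disabled or not usable for signing. The function name and the sample listing (key IDs, hashes and addresses) are constructed for illustration.

```shell
#!/bin/sh
# Added example: find the long key ID to use as user.signingkey.
# Reads `gpg --list-secret-keys --with-colons` output on stdin.

# signing_key_for_email EMAIL   (hypothetical helper name)
# Prints the long key ID of the first secret key that is not expired,
# revoked or disabled, can sign, and has a user ID containing <EMAIL>.
# Returns non-zero when no such key exists.
signing_key_for_email() {
    awk -F: -v email="$1" '
        $1 == "sec" {
            # field 2  = validity (e = expired, r = revoked)
            # field 5  = long key ID
            # field 12 = capabilities: uppercase S means the key as a
            #            whole can sign, D means the key is disabled
            keyid  = $5
            usable = ($2 != "e" && $2 != "r" && $12 ~ /S/ && $12 !~ /D/)
            next
        }
        # field 10 of a uid record is the user ID string
        $1 == "uid" && usable && $2 != "r" && index($10, "<" email ">") {
            print keyid
            found = 1
            exit
        }
        END { exit !found }
    '
}

# Constructed sample listing: an expired key and a valid key for the same
# address, plus a key that belongs to another user.
SAMPLE_LISTING='sec:e:255:22:AAAA000011112222:1600000000:1631536000::u:::sc:::+:::ed25519:::0:
uid:e::::1600000000::0000000000000000000000000000000000000001::Alice Example <alice@example.com>::::::::::0:
sec:u:255:22:1111222233334444:1700000000:::u:::scESC:::+:::ed25519:::0:
uid:u::::1700000000::0000000000000000000000000000000000000002::Alice Example <alice@example.com>::::::::::0:
ssb:u:255:18:5555666677778888:1700000000::::::e:::+:::cv25519::
sec:u:255:22:9999AAAABBBBCCCC:1700000100:::u:::scESC:::+:::ed25519:::0:
uid:u::::1700000100::0000000000000000000000000000000000000003::Bob Example <bob@example.com>::::::::::0:'

# Real use, with the address you entered when creating the key:
#   id=$(gpg --list-secret-keys --with-colons |
#        signing_key_for_email you@example.com) &&
#       git config --global user.signingkey "$id"
```

A non-zero exit status means no usable signing key matched the address, so the `git config` call in the usage comment is skipped instead of storing an empty key ID.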

How to configure Git to use GPG for signing

  1. Open the Terminal app and type the following command to configure Git to use GPG for signing:
      git config --global gpg.program gpg

Now we need to configure GPG to use pinentry-mac

  1. Open the Terminal app and type the following command to configure GPG to use pinentry-mac:
      # $(brew --prefix) is /usr/local on Intel Macs and /opt/homebrew on Apple Silicon
      echo "pinentry-program $(brew --prefix)/bin/pinentry-mac" >> ~/.gnupg/gpg-agent.conf
  2. Open the Terminal app and type the following command to restart GPG agent:
      gpgconf --kill gpg-agent
  3. Open the Terminal app and type the following command to verify that pinentry-mac is being used:
      echo "test" | gpg --clearsign
  4. You should see a pinentry-mac popup window asking for your passphrase.

This post is licensed under CC BY 4.0 by the author.