GitHub and GPG keys

Intro

To get the nice verified checkmarks on your GitHub commits, you need to sign your commits with either an SSH key or a GPG key. I have opted for a GPG key, as this would be a single-purpose key, instead of reusing an SSH key for both SSH and signing (a matter of personal choice, I guess).

Generate key

To generate a new GPG key, follow the instructions in the official GitHub docs: https://docs.github.com/en/authentication/managing-commit-signature-verification/generating-a-new-gpg-key

Even if it can be annoying to generate keys every year, I would recommend setting the maximum expiration to 1y.
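One way to check existing keys against the 1y recommendation, as an added example that is not part of the original post or of the GitHub docs. It assumes GnuPG 2.x colon listings (creation and expiry as epoch seconds in fields 6 and 7); the function name `audit_key_expiry`, the 366-day threshold and the sample listing are constructed for illustration.

```shell
# Audit GPG keys against a "maximum lifetime of one year" policy.
# Real use:  gpg --list-secret-keys --with-colons | audit_key_expiry
# Colon-format fields used: 1=record type, 5=key ID, 6=created, 7=expires
# (an empty field 7 means the key never expires).

MAX_LIFETIME_DAYS=366   # assumption: "1y" plus one day of slack for leap years

# Constructed sample listing (not real keys): 1y key, no-expiry key, 2y key.
SAMPLE_LISTING='sec:u:255:22:AAAAAAAAAAAAAAAA:1700000000:1731536000:::u:::scESC:::+::ed25519:::0:
uid:u::::1700000000::0000::Example User <user@example.com>::::::::::0:
sec:u:4096:1:BBBBBBBBBBBBBBBB:1600000000::::u:::scESC:::+:::23::0:
sec:u:255:22:CCCCCCCCCCCCCCCC:1700000000:1763072000:::u:::scESC:::+::ed25519:::0:'

# Reads a colon listing on stdin, prints one verdict per key or subkey.
# $1 = "now" in epoch seconds (optional; defaults to the current time).
# Exit status is non-zero if any key violates the policy.
audit_key_expiry() {
  awk -F: -v now="${1:-$(date +%s)}" -v max="$MAX_LIFETIME_DAYS" '
    BEGIN { bad = 0 }
    $1 ~ /^(sec|ssb|pub|sub)$/ {
      id = $5; created = $6; expires = $7
      if (expires == "") {
        printf "%s %s NO_EXPIRY\n", $1, id; bad = 1; next
      }
      if (expires + 0 <= now + 0) {
        printf "%s %s EXPIRED\n", $1, id; bad = 1; next
      }
      lifetime = int((expires - created) / 86400)
      if (lifetime > max) {
        printf "%s %s TOO_LONG(%dd)\n", $1, id, lifetime; bad = 1; next
      }
      printf "%s %s OK(%dd left)\n", $1, id, int((expires - now) / 86400)
    }
    END { exit bad }
  '
}

# Demo on the constructed sample, with a fixed clock so the output is stable.
printf '%s\n' "$SAMPLE_LISTING" | audit_key_expiry 1700864000 || true
```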

Export key

From Red Hat, there is a nice guide on how to export and import public and private GPG keys: https://access.redhat.com/solutions/2115511

This post is licensed under CC BY 4.0 by the author.