Show verified badge in the git commit
- Published on
- Authors
- Name
- Mudassir
- Github
- @Lzyct
Commit Signing
Commit signing is to show the verified badge on your commit in GitHub or GitLab. But what is commit signing and why do we need it? Well, the verified badge is used to validate if that commit is from your computer. You can see the difference between them before I add the GPG Key from my computer to GitHub.
So let's get started!
Generate GPG Key
gpg --full-generate-key
Press enter to set the default value and follow the instructions to fill in the data.
After generating the key,
Show list secret key
gpg --list-secret-keys --keyid-format=long
Result:
$ gpg --list-secret-keys --keyid-format=long
gpg: checking the trustdb
gpg: marginals needed: 3 completes needed: 1 trust model: pgp
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
[keyboxd]
---------
sec ed25519/AC275966XXXXXXXX 2023-09-29 [SC]
210D4EFD564AA0D54CFB4DA6AC2759666B133C5A
uid [ultimate] Mudassir <[email protected]>
ssb cv25519/D155410A750BB753 2023-09-29 [E]
On that result, the GPG ID is AC275966XXXXXXXX
, after we get the GPG ID we need to export it to get the GPG Key
Export GPG Key
gpg --armor --export AC275966XXXXXXXX
$ gpg --armor --export AC275966XXXXXXXX
-----BEGIN PGP PUBLIC KEY BLOCK-----
XxXxXXZKMhYJKwYBBAHaRw8BAQdAiwRhc30psmOTImWy9UDzrZZWOPcKAgF71nWG
7zdQmq+0IU11ZGFzc2lyIDxoZXkubXVkYXNzaXJAZ21haWwuY29tPoiTBBMWCgA7
FiEEIQ1O/VZKoNVM+02mrCdZZmsTPFoFAmUWSjICGwMFCwkISVBdaeWSAsoJCAsC
BBYCAwECHgcCF4AACgkQrCdZZmsTPFrmHQEAykGw8NDnvmFFMdz/MsxuEqcPcqpr
RJHLwygRV3fhKmQBANVAcdsetvH+ymcYxJOfQBwKGWkvi00umJpsibEyZzoIuDgE
ZRZKMhIKKwYBBAGXVQEFAQEHQC195/jEeu2cUdgRVYH8fNdr/Ri3/6+k2/NvqrgF
M75jAwEIB4h4BBgWCgAgFiEEIQ1?XXxXX+02mrCdZZmsTPFoFAmUWSjICGwwA
CgkQrCdZZmsTPFoaGwEA0Ln4E6q3D261bjNS6FWF9QiMAOGMU4hh+lyC4C+dl/wB
ALrl2aMKLP9WQAIbmbxq5x6QFT1NZw+/eURsu99YaFgL
=SJIn
-----END PGP PUBLIC KEY BLOCK-----
Add the GPG Key to your GitHub or GitLab
Copy result from -----BEGIN
until KEY BLOCK-----
and paste it to here:
GitHub
You can open this URL to Add your GPG key
GitLab
For GitLab, you can use this URL to add your GPG key
Set GPG signing in Git
To set your primary GPG signing key in Git, paste the text below, substituting the GPG primary key ID you'd like to use. In this example, the GPG key ID is AC275966XXXXXXXX
:
git config --global user.signingkey AC275966XXXXXXXX
But if you wanna use different key
per project, you can open the terminal on your project and use this command
git config --local user.signingkey AC275966XXXXXXXX
Optional
Optionally, to configure Git to sign all commits by default, enter the following command:
git config --global commit.gpgsign true
For local config you can use this command
git config --local commit.gpgsign true