雅白
Git 使用 GPG 签名验证
为了装逼可以在 Github 上面显示一个 Verified 的标签
下面是折腾步骤
生成 GPG Key
$ gpg --gen-key
gpg (GnuPG/MacGPG2) 2.0.28; Copyright (C) 2015 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Please select what kind of key you want:
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
# 选择 Key 种类,选择 1 或者 回车
Your selection? [ENTER]
RSA keys may be between 1024 and 4096 bits long.
# Key 长度
What keysize do you want? (2048) [ENTER]
Requested keysize is 2048 bits
Please specify how long the key should be valid.
0 = key does not expire
= key expires in n days
w = key expires in n weeks
m = key expires in n months
y = key expires in n years
# 过期时间
Key is valid for? (0) 0
Key expires at 日 6/11 22:33:50 2017 CST
# 检查正确
Is this correct? (y/N) y
GnuPG needs to construct a user ID to identify your key.
Real name: [姓名]
Email address: [邮箱]
Comment:
You selected this USER-ID:
"AAA "
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
You need a Passphrase to protect your secret key.
# 输入密码
# 接下来可以等一会儿,可以在后台进行一些操作加快速度
# 可以参考 http://stackoverflow.com/questions/12257653/gpg-not-enough-random-bytes-available-please-do-some-other-work-to-give-the-o 中的一些操作
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: key B5DB6617 marked as ultimately trusted
public and secret key created and signed.
gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 3 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 3u
gpg: next trustdb check due at 2017-06-11
pub 2048R/B5DB2387 xxxxxxxxx
# B5DB2387 这个一会儿还会要用到
Key fingerprint = XXXX XXXX XXXX ...
uid [ultimate] xxx
sub 2048R/1F4A9B85 xxxxxxxxx
启用 GPG
进入一个仓库 输入 git config commit.gpgsign true 启用 GPG Sign
也可以加入 --global 全局生效 git config --globall commit.gpgsign true
配置 Sign key
git config --global user.signingkey B5DB2387 #就是刚才记住的 Pub
这样本地就算基本配置完成了,现在添加到 Github
导出公钥
gpg --armor --export B5DB2387
吐出一坨东西,全部复制
-----BEGIN PGP PUBLIC KEY BLOCK-----
Comment: GPGTools - https://gpgtools.org
****************************************************************
****************************************************************
****************************************************************
****************************************************************
-----END PGP PUBLIC KEY BLOCK-----
进入 https://github.com/settings/keys → New GPG Key
粘贴进去。
至此配置完成
在 commit 时
git commit -S -m "some description"
过程中可能需要生成密钥时的 passphrase。