# Setting Up and Managing GPG Keys for GitHub ## Table of Contents - [Setting Up a New GPG Signing Key for GitHub](#setting-up-a-new-gpg-signing-key-for-github) - [Exporting and Importing an Existing Key to Another Machine](#exporting-and-importing-an-existing-key-to-another-machine) - [Managing Keys and Listing Them](#managing-keys-and-listing-them) - [Signing Every Commit](#signing-every-commit) - [Resources](#resources) ## Setting Up a New GPG Signing Key for GitHub 1. **Install GPG** - **macOS:** ```sh brew install gnupg ``` - **Ubuntu/Debian:** ```sh sudo apt-get install gnupg ``` - **Windows:** Download and install GPG from [Gpg4win](https://gpg4win.org/). 2. **Generate a New GPG Key** ```sh gpg --full-generate-key ``` Follow the prompts: - Key type: `RSA and RSA` - Key size: `4096` - Key expiration: Choose as needed (e.g., 1 year) - Real name: Your name - Email: Your GitHub email address 3. **List Your Keys** ```sh gpg --list-secret-keys --keyid-format LONG ``` 4. **Add the GPG Key to GitHub** ```sh gpg --armor --export YOUR_KEY_ID ``` Copy the output and add it to GitHub under **Settings** > **SSH and GPG keys** > **New GPG key**. 5. **Configure Git to Use Your GPG Key** ```sh git config --global user.signingkey YOUR_KEY_ID ``` 6. **Verify Your Setup** ```sh git commit -S -m "Your commit message" ``` Push the commit to GitHub and look for the "Verified" badge. ## Exporting and Importing an Existing Key to Another Machine 1. **Export the Private Key** ```sh gpg --export-secret-keys YOUR_KEY_ID > myprivatekey.asc ``` 2. **Export the Public Key** ```sh gpg --export YOUR_KEY_ID > mypublickey.asc ``` 3. **Transfer Keys Securely** Use SCP, SFTP, or a secure USB drive to transfer `myprivatekey.asc` and `mypublickey.asc`. 4. **Import the Private Key on the New Machine** ```sh gpg --import myprivatekey.asc ``` 5. **Import the Public Key on the New Machine** ```sh gpg --import mypublickey.asc ``` 6. **Verify the Import** ```sh gpg --list-keys gpg --list-secret-keys ``` ## Managing Keys and Listing Them 1. **List All Keys** ```sh gpg --list-keys gpg --list-secret-keys --keyid-format LONG ``` 2. **Delete a Key** ```sh gpg --delete-secret-keys YOUR_KEY_ID gpg --delete-keys YOUR_KEY_ID ``` 3. **Edit Key Preferences** ```sh gpg --edit-key YOUR_KEY_ID ``` ## Signing Every Commit 1. **Configure Git to Sign All Commits by Default** ```sh git config --global commit.gpgSign true ``` 2. **Sign a Single Commit** ```sh git commit -S -m "Your commit message" ```