---
# System prepended metadata

title: Setting Up and Managing GPG Keys for GitHub
tags: [github, development]

---

# Setting Up and Managing GPG Keys for GitHub

## Table of Contents
- [Setting Up a New GPG Signing Key for GitHub](#setting-up-a-new-gpg-signing-key-for-github)
- [Exporting and Importing an Existing Key to Another Machine](#exporting-and-importing-an-existing-key-to-another-machine)
- [Managing Keys and Listing Them](#managing-keys-and-listing-them)
- [Signing Every Commit](#signing-every-commit)
- [Resources](#resources)

## Setting Up a New GPG Signing Key for GitHub

1. **Install GPG**
    - **macOS:**
      ```sh
      brew install gnupg
      ```
    - **Ubuntu/Debian:**
      ```sh
      sudo apt-get install gnupg
      ```
    - **Windows:**
      Download and install GPG from [Gpg4win](https://gpg4win.org/).

2. **Generate a New GPG Key**
    ```sh
    gpg --full-generate-key
    ```
    Follow the prompts:
    - Key type: `RSA and RSA`
    - Key size: `4096`
    - Key expiration: Choose as needed (e.g., 1 year)
    - Real name: Your name
    - Email: Your GitHub email address

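3. **List Your Keys**
    ```sh
    gpg --list-secret-keys --keyid-format LONG
    ```
    The long key ID is the 16-character hexadecimal string after the slash on the `sec` line (for example, after `rsa4096/`). Use it wherever the steps below say `YOUR_KEY_ID`.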

4. **Add the GPG Key to GitHub**
    ```sh
    gpg --armor --export YOUR_KEY_ID
    ```
    Copy the output and add it to GitHub under **Settings** > **SSH and GPG keys** > **New GPG key**.

5. **Configure Git to Use Your GPG Key**
    ```sh
    git config --global user.signingkey YOUR_KEY_ID
    ```

6. **Verify Your Setup**
    ```sh
    git commit -S -m "Your commit message"
    ```
    Push the commit to GitHub and look for the "Verified" badge.
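
Step 3 leaves you to read `YOUR_KEY_ID` off the listing by eye. The script below is an added example, not part of the original guide: it parses the machine-readable `--with-colons` form of the same listing and prints the long ID of a key that is usable for signing (not expired, revoked, or disabled) and has a UID for your GitHub email. The function name `signing_key_for` and the sample listing are constructed for illustration.

```sh
#!/bin/sh
# Added example: choose the value for YOUR_KEY_ID by parsing
# `gpg --list-secret-keys --with-colons` rather than reading it by eye.

# signing_key_for EMAIL [NOW_EPOCH]
# Reads a colon listing on stdin and prints the long ID of the first usable
# signing key that carries a UID for EMAIL. Exit status 1 if none qualifies.
# (Function name is hypothetical; NOW_EPOCH defaults to the current time.)
signing_key_for() {
  awk -F: -v want="<$1>" -v now="${2:-$(date +%s)}" '
    $1 == "sec" {
      # sec record: field 2 = validity, 5 = long key ID, 7 = expiry (epoch),
      # 12 = capabilities (uppercase S = key usable for signing, D = disabled)
      id = $5
      ok = ($2 !~ /^[erdi]$/) && ($12 ~ /S/) && ($12 !~ /D/) &&
           ($7 == "" || $7 + 0 > now + 0)
    }
    # uid record: field 2 = validity, field 10 = "Name <email>"
    $1 == "uid" && ok && $2 !~ /^[er]$/ &&
      index(tolower($10), tolower(want)) { print id; found = 1; exit }
    END { exit !found }
  '
}

# Constructed sample listing (made-up key IDs and hashes, not real keys):
# an expired key, then a valid key with two UIDs and an encryption subkey.
sample_listing() {
  cat <<'EOF'
sec:e:4096:1:AAAAAAAAAAAAAAA1:1577836800:1609459200::u:::sc:::+:::23::0:
fpr:::::::::000000000000000000000000AAAAAAAAAAAAAAA1:
uid:e::::1577836800::0000000000000000000000000000000000000001::Dev One <dev@example.com>::::::::::0:
sec:u:4096:1:BBBBBBBBBBBBBBB2:1704067200:4102444800::u:::scESC:::+:::23::0:
fpr:::::::::000000000000000000000000BBBBBBBBBBBBBBB2:
uid:u::::1704067200::0000000000000000000000000000000000000002::Dev One <other@example.org>::::::::::0:
uid:u::::1704067200::0000000000000000000000000000000000000003::Dev One <dev@example.com>::::::::::0:
ssb:u:4096:1:CCCCCCCCCCCCCCC3:1704067200:4102444800:::::e:::+:::23:
EOF
}

# Demo on the constructed listing; on a real machine pipe in
# `gpg --list-secret-keys --with-colons` instead of sample_listing.
sample_listing | signing_key_for dev@example.com
```

The printed ID can be passed to `git config --global user.signingkey` in step 5.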

## Exporting and Importing an Existing Key to Another Machine

1. **Export the Private Key**
    ```sh
    gpg --armor --export-secret-keys YOUR_KEY_ID > myprivatekey.asc
    ```

2. **Export the Public Key**
    ```sh
    gpg --armor --export YOUR_KEY_ID > mypublickey.asc
    ```

3. **Transfer Keys Securely**
    Use SCP, SFTP, or a secure USB drive to transfer `myprivatekey.asc` and `mypublickey.asc`.

4. **Import the Private Key on the New Machine**
    ```sh
    gpg --import myprivatekey.asc
    ```

5. **Import the Public Key on the New Machine**
    ```sh
    gpg --import mypublickey.asc
    ```

6. **Verify the Import**
    ```sh
    gpg --list-keys
    gpg --list-secret-keys
    ```

## Managing Keys and Listing Them

1. **List All Keys**
    ```sh
    gpg --list-keys
    gpg --list-secret-keys --keyid-format LONG
    ```

2. **Delete a Key**
    ```sh
    gpg --delete-secret-keys YOUR_KEY_ID
    gpg --delete-keys YOUR_KEY_ID
    ```

3. **Edit Key Preferences**
    ```sh
    gpg --edit-key YOUR_KEY_ID
    ```

## Signing Every Commit

1. **Configure Git to Sign All Commits by Default**
    ```sh
    git config --global commit.gpgSign true
    ```

2. **Sign a Single Commit**
    ```sh
    git commit -S -m "Your commit message"
    ```