Other Setup

  1. Download and install git.

  2. Set up your user name and email.

    git config --global user.name "John Smith"
    git config --global user.email "[email protected]"

  3. Set up your default text editor.

    git config --global core.editor vim

    Git records whatever name and email you configure without checking them, so at this stage, if you were to commit to a project, there would be no way to tell if you are really John Smith. In fact, you could be anybody claiming to be John Smith. In the same way that online document signing applications allow you to verify you are you, you can create a GPG key, upload it to GitHub, and automatically sign your commits so creators know they come from you. To do so, continue on.

  4. Install Homebrew.

  5. Install gpg2 by running: brew install gpg2.

  6. Install gpgtools from GPGTools.

  7. Open a terminal and type the following.

    gpg --full-generate-key --expert

  8. Select ECC (sign only) in the first prompt, and Curve 25519 for the second. Choose how many years you’d like your key to be valid for, and enter the information as you are prompted.

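    It is recommended to not use a passphrase if you want to have your commits automatically signed when using GitHub Desktop. Keep in mind that a key without a passphrase is stored unencrypted, so anyone who can read your GnuPG home directory can sign commits as you. If you do set a passphrase, you will need to run the following in a terminal before you can commit to the project.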

    export GPG_TTY=$(tty)

  9. When complete, you can print the public key by running the following.

    gpg --export -a "John Smith"

    Make sure you replace "John Smith" with the user name you provided when creating the key.

  10. Copy the public key to your clipboard, navigate to github.com, and sign in. Click on your profile in the upper right-hand corner of the screen and navigate to Settings. On the left-hand menu, click SSH and GPG keys and then New GPG key. Paste your public key in the provided text area and click Add GPG key.

  11. Lastly, in order to sign commits using the newly created key, open up a text editor and modify $HOME/.gitconfig to use your key.

    [user]
        name = John Smith
        email = [email protected]
        signingkey = ABCDEFGHIJKLMNOP
    [gpg]
        # Or another path to the `gpg` executable
        program = /usr/local/bin/gpg
    [commit]
        gpgsign = true

    To get your signing key, run the following.

    gpg --list-secret-keys --keyid-format=long

    Your signing key is the 16-character value following ed25519/ on the sec line.
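A way to check step 11 before relying on it, added here as an example and not part of the original guide: the script reads the listing from the command above and confirms that the configured `signingkey` is a secret key that can still sign. The function names and the sample listing are constructed for illustration, and it assumes `signingkey` holds the 16-character long key ID as in this guide.

```shell
#!/usr/bin/env bash
# Constructed sample of `gpg --list-secret-keys --keyid-format=long` output.
# Key IDs, fingerprints and the address are made up for this example.
sample_listing() {
  cat <<'EOF'
sec   ed25519/0123456789ABCDEF 2024-01-10 [SC] [expires: 2026-01-09]
      AAAABBBBCCCCDDDDEEEEFFFF0123456789ABCDEF
uid                 [ultimate] John Smith <john.smith@example.invalid>

sec   ed25519/FEDCBA9876543210 2020-03-02 [SC] [expired: 2022-03-02]
      111122223333444455556666FEDCBA9876543210
uid                 [ expired] John Smith <john.smith@example.invalid>
EOF
}

# Print the long key ID of every secret key on stdin that can still sign:
# a plain "sec" line (not "sec#", whose secret part is missing), with S in
# the capability field and no [expired: ...] or [revoked: ...] marker.
usable_signing_keys() {
  awk '$1 == "sec" && $0 !~ /\[(expired|revoked)/ && $4 ~ /S/ {
         split($2, part, "/")   # part[1] = algorithm, part[2] = key ID
         print part[2]
       }'
}

# Usage: check_signing_key KEYID < listing
# Succeeds only if KEYID (any letter case) is one of the usable key IDs.
check_signing_key() {
  [ -n "$1" ] || return 1
  usable_signing_keys |
    grep -qxF -- "$(printf '%s' "$1" | tr '[:lower:]' '[:upper:]')"
}

# On a real machine:
#   gpg --list-secret-keys --keyid-format=long |
#     check_signing_key "$(git config --global user.signingkey)"
sample_listing | check_signing_key 0123456789abcdef && echo "ok: usable key"
sample_listing | check_signing_key FEDCBA9876543210 || echo "stale: expired key"
```

A non-zero exit means git would be pointed at a key that is missing, expired or revoked, so signed commits would fail or show as unverified.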