Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/cub0n/github-gpg-creation

Generates and loads a signing GPG Key to GitHub. Configures global GIT settings accordingly.
https://github.com/cub0n/github-gpg-creation

github github-api github-config gpg gpg-key java signing signing-commits

Last synced: 13 days ago
JSON representation

Generates and loads a signing GPG Key to GitHub. Configures global GIT settings accordingly.

Host: GitHub
URL: https://github.com/cub0n/github-gpg-creation
Owner: Cub0n
License: mit
Created: 2022-08-30T12:44:01.000Z (over 2 years ago)
Default Branch: master
Last Pushed: 2024-12-07T19:45:01.000Z (about 1 month ago)
Last Synced: 2024-12-07T20:25:53.303Z (about 1 month ago)
Topics: github, github-api, github-config, gpg, gpg-key, java, signing, signing-commits
Language: Java
Homepage:
Size: 52.7 KB
Stars: 0
Watchers: 1
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

# Description
The programm creates a newly GPG key according to [GitHub Website](https://docs.github.com/en/authentication/managing-commit-signature-verification/generating-a-new-gpg-key).
For signing a RSA 4096 GPG key and a RSA 4096 sub-key are needed. The name and eMail have to be the same as in GitHub.
The expiry date is hardcoded and the newly GPG key is only valid for two years.

**Attention: The final configuration is automatically saved to the global GIT config and can then be directly used by Eclipse.**

# Usage
## Token generation
A special kind of token has to be generated (see: https://github.com/settings/tokens/new).

The only selected scopes are *user* and *admin:gpg_key*.

![New token](pics/token.png)

**Attention: This token has to have a very short lifetime (you need it only to generate the GPG key) and it should be a newly generated token only for this purpose.**

## Start the programm
The program should run on the commandline and from every IDE you use, as long as GPG and GIT are installed.
* The first program argument is the Github token and is mandatory
* The second argument is the password for the GPG Key and is optional. Then the password have to be typed in at the commandline

# TODO
* The expiry date for the GPG key has not to be hardcoded
* Frontend for generation
* Automatically find GPG and GIT native programms on ~~Linux~~, Mac and Windows systems
* Adapt to other languages than english (see GPGWrapper: substring between "gpg: key" and "marked as ultimately trusted")

# Inspired by
* https://github.com/wimtie/gpg-java
* https://github.com/hub4j/github-api