Data

Tools

Indexes

Applications

Experiments

Awesome

An open API service indexing awesome lists of open source software.

https://github.com/jxareas/sign-with-gpg

Learn how to easily sign your commits with GPG Cryptographic Keys on MacOS & Windows.
https://github.com/jxareas/sign-with-gpg

commit-signing cryptography git gpg learn macos windows

Last synced: 7 months ago
JSON representation

Learn how to easily sign your commits with GPG Cryptographic Keys on MacOS & Windows.

Awesome Lists containing this project

README 

          
# Sign your Commits with GPG



This repository provides simple intructions on how to sign your Git commits locally using GPG, in both [MacOS](./macos/README.md) and [Windows](./windows/README.md) Environments.



## Why use GPG signatures?



Commit signature verification allows you to sign commits and tags locally, to give other people confidence about the origin of a change you have made. If a commit or tag has a GPG, SSH, or S/MIME signature that is cryptographically verifiable, GitHub marks the commit or tag "Verified" or "Partially verified."



For most individual users, GPG or SSH will be the best choice for signing commits. S/MIME signatures are usually required in the context of a larger organization. SSH signatures are the simplest to generate. You can even upload your existing authentication key to GitHub to also use as a signing key. Generating a GPG signing key is more involved than generating an SSH key, but GPG has features that SSH does not.



A GPG key can expire or be revoked when no longer used. GitHub shows commits that were signed with such a key as "Verified" unless the key was marked as compromised. SSH keys don't have this capability.