- 安装软件
brew install gnupg pinentry-mac
- 创建 .gnupg 目录
# 创建目录
mkdir ~/.gnupg
# 指定 GPG 使用的 pinentry 程序路径
echo "pinentry-program $(brew --prefix)/bin/pinentry-mac"> ~/.gnupg/gpg-agent.conf
- 更新或创建 ~/.gnupg/gpg.conf
# 指定 GPG 使用的 gpg-agent
echo 'use-agent' > ~/.gnupg/gpg.conf
- 更新 Shell
添加下面的内容到 ~/.zshrc
...
export GPG_TTY=$(tty)
- 使步骤4配置生效
source ~/.zshrc
- 更新 ~/.gnupg 目录权限
chmod 700 ~/.gnupg
- 杀死旧代理
killall gpg-agent
- 创建 GPG 密钥
gpg --full-gen-key
- 交互式问答
Please select what kind of key you want:
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
Your selection? 4
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 4096
Requested keysize is 4096 bits
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0) 0
Key does not expire at all
Is this correct? (y/N) y
You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"
Real name: John Smith
Email address: john.smith@fictionaladdress.com
Comment:
You selected this USER-ID:
"John Smith <john.smith@fictionaladdress.com>"
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
You need a Passphrase to protect your secret key.
- 查看生成信息
gpg -k
- 获取公钥 id
gpg -K --keyid-format SHORT
sec rsa4096/######## YYYY-MM-DD [SC] [expires: YYYY-MM-DD]
- 导出指纹
# The export command below gives you the key you add to GitHub
gpg --armor --export <your key id>
- 配置 git 使用 gpg
git config --global gpg.program $(which gpg)
- 配置 git 使用指纹
git config --global user.signingkey 111111
- 配置 git 所有仓库的 commit 都作用
git config --global commit.gpgsign true
