GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → pstadler → Keybase Gpg Github

pstadler / Keybase Gpg Github

Step-by-step guide on how to create a GPG key on keybase.io, adding it to a local GPG setup and using it with Git and GitHub.

Labels

cryptographyguidegpgsigninghowtokeybase

Projects that are alternatives of or similar to Keybase Gpg Github

Awesome Crypto Papers
A curated list of cryptography papers, articles, tutorials and howtos.
Stars: ✭ 985 (-60.69%)
Mutual labels:  howto, cryptography
Pius
PGP Individual User Signer
Stars: ✭ 77 (-96.93%)
Mutual labels:  gpg, signing
React Tdd Guide
A series of examples on how to TDD React
Stars: ✭ 585 (-76.66%)
Mutual labels:  guide, howto
Ed25519 Dalek
Fast and efficient ed25519 signing and verification in Rust.
Stars: ✭ 383 (-84.72%)
Mutual labels:  cryptography, signing
Bioc Refcard
Bioconductor cheat sheet
Stars: ✭ 152 (-93.93%)
Mutual labels:  guide, howto
Webcrypto
W3C Web Cryptography API for Node.js
Stars: ✭ 79 (-96.85%)
Mutual labels:  cryptography, signing
Minisign
A dead simple tool to sign files and verify digital signatures.
Stars: ✭ 1,105 (-55.91%)
Mutual labels:  cryptography, gpg
An Idiots Guide To Installing Arch On A Lenovo Carbon X1 Gen 6
so you wanted to install arch huh
Stars: ✭ 165 (-93.42%)
Mutual labels:  guide, howto
Golang For Nodejs Developers
Examples of Golang compared to Node.js for learning
Stars: ✭ 2,698 (+7.66%)
Mutual labels:  guide, howto
Portablesigner2
PortableSigner - A Commandline and GUI Tool to digital sign PDF files with X.509 certificates
Stars: ✭ 92 (-96.33%)
Mutual labels:  cryptography, signing
Pass Winmenu
An easy-to-use Windows interface for pass
Stars: ✭ 160 (-93.62%)
Mutual labels:  cryptography, gpg
Magicpad
MagicPad is an encryption suite for beginners. It is designed to be run standalone via the browser or executable (Electron).
Stars: ✭ 174 (-93.06%)
Mutual labels:  cryptography, gpg
Iavl
Merkleized IAVL+ Tree implementation in Go
Stars: ✭ 197 (-92.14%)
Mutual labels:  cryptography
Pgsodium
Modern cryptography for PostgreSQL using libsodium.
Stars: ✭ 202 (-91.94%)
Mutual labels:  cryptography
Visual Scala Reference
Visual Scala Reference
Stars: ✭ 198 (-92.1%)
Mutual labels:  guide
Codetogo.io
🚀 JavaScript code to go - Find updated snippets for common JavaScript use cases
Stars: ✭ 198 (-92.1%)
Mutual labels:  howto
A Guide To Deep Learning
A detailed guide to deep learning: http://yerevann.com/a-guide-to-deep-learning/
Stars: ✭ 208 (-91.7%)
Mutual labels:  guide
Kalium
Java binding to the Networking and Cryptography (NaCl) library with the awesomeness of libsodium
Stars: ✭ 203 (-91.9%)
Mutual labels:  cryptography
Firmware
❄️ Firmware and simulator for Coldcard Hardware Wallet
Stars: ✭ 198 (-92.1%)
Mutual labels:  cryptography
Tenseal
A library for doing homomorphic encryption operations on tensors
Stars: ✭ 197 (-92.14%)
Mutual labels:  cryptography
View All Similar Projects ➔

Set up Keybase.io, GPG & Git to sign commits on GitHub

This is a step-by-step guide on how to create a GPG key on keybase.io, adding it to a local GPG setup and use it with Git and GitHub.

Although this guide was written for macOS, most commands should work in other operating systems as well.

There's a video published by Timothy Miller explaining some parts of this guide. Discussion on Hacker News.

Note: If you don't want to use Keybase.io, follow this guide instead. For manually transferring keys to different hosts, check out this answer on Stack Overflow.

Requirements

$ brew install gpg
$ brew install --cask keybase

You should already have an account with Keybase and be signed in locally using $ keybase login. In case you need to set up a new device first, follow the instructions provided by the keybase command during login.

Make sure your local version of Git is at least 2.0 ($ git --version) to automatically sign all your commits. If that's not the case, use Homebrew to install the latest Git version: $ brew install git.

Create a new GPG key on keybase.io

$ keybase pgp gen --multi
# Enter your real name, which will be publicly visible in your new key: Patrick Stadler
# Enter a public email address for your key: [email protected]
# Enter another email address (or <enter> when done):
# Push an encrypted copy of your new secret key to the Keybase.io server? [Y/n] Y
# ▶ INFO PGP User ID: Patrick Stadler <[email protected]> [primary]
# ▶ INFO Generating primary key (4096 bits)
# ▶ INFO Generating encryption subkey (4096 bits)
# ▶ INFO Generated new PGP key:
# ▶ INFO   user: Patrick Stadler <[email protected]>
# ▶ INFO   4096-bit RSA key, ID CB86A866E870EE00, created 2016-04-06
# ▶ INFO Exported new key to the local GPG keychain

Set up Git to sign all commits

$ gpg --list-secret-keys --keyid-format LONG
# /Users/pstadler/.gnupg/secring.gpg
# ----------------------------------
# sec   4096R/E870EE00 2016-04-06 [expires: 2032-04-02]
# uid                  Patrick Stadler <[email protected]>
# ssb   4096R/F9E3E72E 2016-04-06

$ git config --global user.signingkey E870EE00
$ git config --global commit.gpgsign true

Add public GPG key to GitHub

$ open https://github.com/settings/keys
# Click "New GPG key"

# We can then use `export` with the `-q` or query flag to match on our key (the first 16 characters should do..) 
$ keybase pgp export -q CB86A866E870EE00 | pbcopy # copy public key to clipboard
# Paste key, save

Import key to GPG on another host

$ keybase pgp export
# ▶ WARNING Found several matches:
# user: Patrick Stadler <[email protected]>
# 4096-bit RSA key, ID CB86A866E870EE00, created 2016-04-06

# user: keybase.io/ps <[email protected]>
# 4096-bit RSA key, ID 31DBBB1F6949DA68, created 2014-03-26

$ keybase pgp export -q CB86A866E870EE00 | gpg --import
$ keybase pgp export -q CB86A866E870EE00 --secret | gpg --allow-secret-key-import --import

After importing you probably want to locally trust your own key, otherwise you will see gpg: WARNING: This key is not certified with a trusted signature! when running git log --show-signature.

$ gpg --edit-key CB86A866E870EE00
gpg> trust

Please decide how far you trust this user to correctly verify other users' keys
(by looking at passports, checking fingerprints from different sources, etc.)

  1 = I don't know or won't say
  2 = I do NOT trust
  3 = I trust marginally
  4 = I trust fully
  5 = I trust ultimately
  m = back to the main menu

Your decision? 5
Do you really want to set this key to ultimate trust? (y/N) y

gpg> quit

Troubleshooting: gpg failed to sign the data

If you cannot sign a commit after running through the above steps, and have an error like:

$ git commit -m "My commit"
# error: gpg failed to sign the data
# fatal: failed to write commit object

You can run echo "test" | gpg --clearsign to find the underlying issue.

If the above succeeds without error, then there is likely a configuration problem that is preventing git from selecting or using the secret key. Confirm that your gitconfig user.email matches the secret key that you are using for signing.

Another solution is set up Git to use GPG program on Windows

$ git config --global user.signingkey E870EE00
$ git config --global commit.gpgsign true
$ git config --global gpg.program "C:\Program Files (x86)\GnuPG\bin\gpg.exe"

Optional: Set as default GPG key

$ $EDITOR ~/.gnupg/gpg.conf
# Add line:
default-key E870EE00

Optional: Fix for Git UIs

If you use a UI such as Git Tower or Github Desktop, you may need to configure git to point to the specific gpg executable:

git config --global gpg.program $(which gpg)

Optional: Disable TTY

If you have problems with making autosigned commits from IDE or other software add no-tty config

$ $EDITOR ~/.gnupg/gpg.conf
# Add line:
no-tty

Optional: Setting up TTY

Depending on your personal setup, you might need to define the tty for gpg whenever your passphrase is prompted. Otherwise, you might encounter an Inappropriate ioctl for device error.

$ $EDITOR ~/.profile # or other file that is sourced every time
# Paste these lines
GPG_TTY=$(tty)
export GPG_TTY

Optional: In case you're prompted to enter the password every time

Some people found that this works out of the box w/o following these steps.

Method 1 - gpg-agent + pinentry-mac

Install pinentry-mac:

$ brew install pinentry-mac

Set up the agent:

$ $EDITOR ~/.gnupg/gpg-agent.conf
# Paste this line:
pinentry-program /usr/local/bin/pinentry-mac

Now git commit -S, it will ask your password and you can save it to macOS keychain.

pinentry

Method 2 - GPG Suite

Some people find that pinentry installed with brew does not allow the password to be saved to macOS's keychain.

If you do not see "Save in Keychain" after following Method 1, first uninstall the version of pinentry-mac installed with brew:

$ brew uninstall pinentry-mac

Now install the GPG Suite versions, available from gpgtools.org, or from brew by running:

$ brew install --cask gpg-suite

Once installed, open Spotlight and search for "GPGPreferences", or open system preferences and select "GPGPreferences"

Select the Default Key if it is not already selected, and ensure "Store in OS X Keychain" is checked:

gpg preferences

The gpg-agent.conf is different from Method 1:

Set up the agent:

$ $EDITOR ~/.gnupg/gpg-agent.conf
# GPG Suite should pre-populate with something similar to the following:
default-cache-ttl 600
max-cache-ttl 7200
Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].