Signing Git Commits Using GPG in Catalina

1. Install dependencies:

   brew install gpg pinentry-mac
   

2. Generate a GPG key (use 4096 bit option):

   gpg --full-generate-key
   

3. Get the key ID (the one following sec rsa4096/, looking like this: 1234EA45F525C1AD):

   gpg --list-secret-keys --keyid-format LONG
   

4. Set your signing key in Git:

   git config --global user.signingkey KEY_ID_GOES_HERE
   

5. Run these to automatically sign all commits with gpg:

   git config --global commit.gpgsign true
   git config --global gpg.program gpg
   

6. Use the public key block to update your remote repo settings (for GitHub, it’d be under GPG Keys):

   gpg --armor --export KEY_ID_GOES_HERE | pbcopy
   

7. Put this in .bash_profile:

   GPG_TTY=$(tty)
   

8. Or, if you’re a Fish user like me, put in config.fish:

   set -x GPG_TTY (tty)
   

9. Add to ~/.gnupg/gpg-agent.conf:

   pinentry-program /usr/local/bin/pinentry-mac
   

10. Add to ~/.gnupg/gpg.conf:

    use-agent
    batch
    require-cross-certification
    

11. Finally, restart gpg-agent:

    killall gpg-agent
    gpg-agent --daemon
    

References

• Generating a new GPG key
• Telling Git about your signing key
• GPG & SSH for Mac, the proper way?