Git-Digital Signature

Felix Stephen, Analytics Vidhya, Feb 4, 2021

Work so hard that one day your signature will be called an autograph!

Every git commit records the username and email configured in the global (~/.gitconfig) or local (.git/config) configuration file, set with the commands below; without this configuration git won't allow any commits.

$ git config --global user.name username
$ git config --global user.email email@example.com

# Check your global configuration:
$ vi ~/.gitconfig

$ git config --local user.name username
$ git config --local user.email email@example.com
# Check the local configuration of one repository:
$ vi your-git-repo/.git/config

Whenever we commit, the configured username and email are recorded as part of the commit. The author can be overridden at commit time, which means anyone's username and email can be used without that person's permission. If the user exists on GitHub, their profile is linked to the commit in the web UI, but no contribution activity is recorded on their profile page.

$ git commit --author="Anonymous User <anonymous@example.com>" -m "anonymous commit message"

  • If a machine with push access is compromised, malicious code (see git-horror-story) can commit under your name, which may damage both your reputation and your organization's.

To prevent this, git supports signed commits: each commit carries a cryptographic signature that git (and GitHub) can verify.

How to create signed commits?

To create signed commits we need GNU Privacy Guard (GnuPG) configured, a personal key pair installed, and the public key stored in the GitHub profile under Settings > SSH and GPG keys. The steps below set up the GPG key pair:

# To list the existing keys (public and secret)
$ gpg --list-keys or gpg --list-secret-keys
# To list the existing signatures
$ gpg --list-signatures
# To list the existing fingerprints
$ gpg --fingerprint
# To generate a new key pair (gpg 2.1.17 and above; older versions use gpg --gen-key)
$ gpg --generate-key or gpg --full-generate-key
gpg (GnuPG) 2.2.9; Copyright (C) 2018 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Please select what kind of key you want:
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
Your selection?
1
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048)
1024
Requested keysize is 1024 bits
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0)
0
Key does not expire at all
Is this correct? (y/N)
y
GnuPG needs to construct a user ID to identify your key.
Real name: Felix Stephen
Email address: my_email@example.com
Comment:
You selected this USER-ID:
"Felix Stephen <my_email@example.com>"
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: key A33AFD6BAC5AD0F9 marked as ultimately trusted
gpg: revocation certificate stored as '/root/.gnupg/openpgp-revocs.d/81E68D24686B87703B61E00EA33AFD6BAC5AD0F9.rev'
public and secret key created and signed.
pub rsa1024 2021-02-04 [SC]
81E68D24686B87703B61E00EA33AFD6BAC5AD0F9
uid Felix Stephen <my_email@example.com>
sub rsa1024 2021-02-04 [E]
# Once the key is generated, export the public key (not the secret key) and add it to GitHub under Settings > SSH and GPG keys.
$ gpg --armor --export <key-id or fingerprint or email-id>
-----BEGIN PGP PUBLIC KEY BLOCK-----
<ASCII-armored public key>
-----END PGP PUBLIC KEY BLOCK-----

Once the key is added to your GitHub account, configure the key details in your git configuration. The steps below do that:

# Git username configuration settings
$ git config --global user.name "Felix Stephen"
# Git user email configuration settings
$ git config --global user.email "my_email@example.com"
# To get the gpg key id
$ gpg --list-secret-keys --keyid-format LONG

sec rsa1024/A33AFD6BAC5AD0F9 2021-02-04 [SC]
81E68D24686B87703B61E00EA33AFD6BAC5AD0F9
uid [ultimate] Felix Stephen <my_email@example.com>
ssb rsa1024/5821E0924BF659ED 2021-02-04 [E]
# Add the key id into git configuration settings
$ git config --global user.signingkey A33AFD6BAC5AD0F9
# Enabling signed commit configuration settings
$ git config --global commit.gpgsign true
# Enabling signed tag configuration settings
$ git config --global tag.gpgSign true

Once all the git configuration is in place, we are almost done! 😄
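The interactive key generation and git configuration above can be scripted. The following is an added example, not the post's own code, that uses GnuPG's unattended key generation (gpg --batch --generate-key reading a parameter file on stdin) and the machine-readable --with-colons listing to pick up the key id; the name and e-mail are placeholders, and it chooses a 4096-bit key with a one-year expiry instead of the 1024-bit non-expiring key shown in the session above.

```shell
# write_gpg_params NAME EMAIL: prints a GnuPG unattended-generation parameter file.
# Without a Passphrase line (and without %no-protection) gpg-agent prompts for one.
write_gpg_params() {
  cat <<EOF
Key-Type: RSA
Key-Length: 4096
Key-Usage: sign
Subkey-Type: RSA
Subkey-Length: 4096
Subkey-Usage: encrypt
Name-Real: $1
Name-Email: $2
Expire-Date: 1y
%commit
EOF
}

# key_id_from_colons: reads 'gpg --with-colons --list-secret-keys' output on stdin
# and prints the long key id of the first primary secret key ("sec" record, field 5).
key_id_from_colons() {
  awk -F: '$1 == "sec" { print $5; exit }'
}

# setup_git_signing NAME EMAIL: generate the key, point git at it, enable signing
# for commits and tags, then print the public key block to paste into GitHub.
setup_git_signing() {
  write_gpg_params "$1" "$2" | gpg --batch --generate-key
  keyid=$(gpg --with-colons --list-secret-keys "$2" | key_id_from_colons)
  [ -n "$keyid" ] || { echo "no secret key found for $2" >&2; return 1; }
  git config --global user.name "$1"
  git config --global user.email "$2"
  git config --global user.signingkey "$keyid"
  git config --global commit.gpgsign true
  git config --global tag.gpgSign true
  # Paste this output into GitHub > Settings > SSH and GPG keys.
  gpg --armor --export "$keyid"
}

# Constructed sample "sec" record in --with-colons format (key id taken from the post above).
SAMPLE_COLONS='sec:u:4096:1:A33AFD6BAC5AD0F9:1612396800:1643932800::u:::scESC:::+:::23::0:'

# Usage: setup_git_signing "Felix Stephen" "my_email@example.com"
```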

Git signed commits!

# To create a signed commit (-S forces signing; with commit.gpgsign true it is already the default)
$ git commit -S -m "commit message"
# To check the signature using git log
$ git log --show-signature
# To push all your changes
$ git push origin main

Once you push your changes to GitHub, your commits are marked with a Verified badge.
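Since --author can be set to anything, the signature status, not the author field, is what tells you whether a commit is genuine. The following is an added example, not code from the original post, of a POSIX shell gate for CI built on git's %G? status placeholder; the audit_range function and the sample log lines are constructed for illustration.

```shell
# classify_signature CODE: prints a verdict; returns 0 only for a trusted signature.
# CODE is git's %G? placeholder (git-log(1)): G good, B bad, U good but untrusted key,
# X good but expired signature, Y good but expired key, R good but revoked key,
# E cannot be checked (key missing), N no signature.
classify_signature() {
  case "$1" in
    G)     echo "trusted";            return 0 ;;
    U)     echo "untrusted-key";      return 1 ;;
    B)     echo "BAD-signature";      return 1 ;;
    X|Y|R) echo "expired-or-revoked"; return 1 ;;
    E)     echo "cannot-check";       return 1 ;;
    N)     echo "unsigned";           return 1 ;;
    *)     echo "unknown($1)";        return 1 ;;
  esac
}

# audit_log: reads "<hash> <code> <author>" lines on stdin, the format produced by
#   git log --format='%H %G? %an' <range>
# and prints one line per failing commit. Returns the number of failures (capped at 255).
audit_log() {
  failed=0
  while read -r hash code author; do
    [ -n "$hash" ] || continue
    if verdict=$(classify_signature "$code"); then
      continue
    fi
    failed=$((failed + 1))
    echo "$hash $verdict author=\"$author\""
  done
  return "$failed"
}

# audit_range RANGE: run the check against a real repository, e.g. origin/main..HEAD.
audit_range() {
  git log --format='%H %G? %an' "$1" | audit_log
}

# Constructed sample of git log output: a genuine signed commit, a spoofed
# --author commit (unsigned), a commit whose signature does not match its content,
# and one signed with a key the local keyring does not trust.
SAMPLE_LOG='a1b2c3d G Felix Stephen
e4f5a6b N Anonymous User
c7d8e9f B Felix Stephen
0a1b2c3 U Felix Stephen'

# Usage in CI: audit_range origin/main..HEAD || exit 1
```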

Git signed tags!

# To create a signed tag
$ git tag -s v1.0 -m "Release 1.0"
# To publish your tags
$ git push origin v1.0

# To view the signed tag
$ git show v1.0

Once you push your tags, they are marked with a Verified badge.

If you get the following error when committing, use the command below to fix it (gpg needs to know which terminal to use for the passphrase prompt):

error: gpg failed to sign the data
fatal: failed to write commit object
$ export GPG_TTY=$(tty)
