How to: Verified GitHub Commits

Omar Aziz - 1 min read
March 27, 2022

  • github

  • git

  • gpg

verified github commit ui

Table of Contents

0. Prerequisites

gpg installed.

brew install gpg

1. Generate GPG Key

# usage: gpg [options] --quick-generate-key USER-ID [ALGO [USAGE [EXPIRE]]]
gpg --dry-run --quick-generate-key "John Doe <[email protected]>" RSA4096

You will be prompted to enter a passphrase. You can leave it blank if you want.

2. Verify Generated GPG Key

gpg --list-secret-keys --keyid-format LONG

Should return something like this:

# ...
sec   rsa4096/1V34534653463459 2021-11-11 [SC] [expires: 2022-11-11]
uid                 [ultimate] John Doe <[email protected]>
ssb   rsa4096/FALUO2G5PI2UG523 2021-11-11 [E] [expires: 2022-11-11]

Take note of the 16 digit number in the red box above. This is the key ID.

3. Add Key to GitHub

You have two options:

(1) Add through GitHub CLI, or

(2) Copy key file and manually paste on

3.1. Add Key through GitHub CLI

gh gpg-key add path/to/file.gpg

3.2. Add Key to GitHub

gpg --armor --export 1V34534653463459

Then, go to and paste the contents of the key file.

4. Git Configuration

git config —global user.signingkey 1V34534653463459
git config —global commit.gogsign true