Github has vigilant mode which verifies the commit was made by the user who can be verified by the gpg or ssh keys. By default, if you make any commit from the web interface, they seem to be verified. However, we want to enable it from the command line interface.
1. Go to settings in your GitHub account.
2. Click on the SSH and GPG keys section. You will notice a section on how to generate a gpg key and add it your account.
https://docs.github.com/en/authentication/managing-commit-signature-verification
3. Go to "Generating a new GPG key". Since we are using Mac, we will be using MacOS instructions.
If gpg is not installed, install using brew
brew install gpg
gpg --full-generate-key
Follow instructions, select rsa4096 if prompted.
4. For user id, use the same email you have on GitHub otherwise it won't get verified properly. If you have email privacy enabled, your email won't be same as your actual email. It will have something "@users.noreply.github.com" in it. Note that email from Github setting. Use that email as ID
Use this command to get the key-id of the gpg key that you just generated.
gpg --list-secret-keys --keyid-format=long
[keyboxd]---------sec rsa4096/6B70BE2C5B178986 2024-10-10 [SC] [expires: 2025-10-08]4D9A0A25EC&EIE9FUHUDE2C5B1899R
No comments:
Post a Comment