Quickstart/notes for using gpg
Generate a new key:
gpg --full-generate-key
List keys:
gpg --list-keys
Export public key:
gpg --export --armor <KEYID>
GitHub commit signing
First, export your public key and add it to GitHub -> Settings -> SSH and GPG keys: https://github.com/settings/keys
git config --global user.signingkey KEYID
git config --global commit.gpgsign true
You may need to set `gpg.program` in git to point to the right path:
git config --global gpg.program $(which gpg)
Now, use the -S flag when committing:
git commit file -S -m "message
Logon to GitHub and look at the commit you just made. It should have a `Verified` tag indicating that the commit was signed.