Tag Archives: GPG
Git is cryptographically secure, but it’s not foolproof. If you’re taking work from others on the internet and want to verify that commits are actually from a trusted source, Git has a few ways to sign and verify work using GPG. Introduction to GPG First of all, if you want to sign anything you need to get GPG configured and your personal key installed. If you don’t have a key installed, you can generate one with gpg --gen-key. Once you have a private key to sign with, you can configure Git to use it for signing things by setting the user.signingkey config setting. Now Git will use your key by default to sign tags and commits if you want. Add…