Sign Git commits with Keybase

Keybase is an public key crypto for everyone, maps your identity to your public keys, and vice versa.

This post will show you how to sign your Git commit with Keybase GPG key, and how to publish your key to Github

Generate a new GPG key

In case you haven’t had any GPG keys on Keybase

$ keybase pgp gen --multi

# then follow the instruction, select "Upload your key to Keybase"

Import GPG key from Keybase

In case you already have GPG keys on Keybase

# Import secret key from keybase
$ keybase pgp export --secret | gpg --allow-secret-key-import --import

To check if your key has been imported into your local GPG secret keys

$ gpg --list-secret-keys

This is how it looks like if successfully imported.

# Private key basic information

sec   4096R/BC775C77 2016-04-09 [expires: 2032-04-05]
uid                  John Doe <[email protected]>
ssb   4096R/7BDF34CD 2016-04-09

Sign Git commit

If you want to sign your Git commit with the key generated/imported

$ git config --global user.signingkey <key-id>
# key-id is **BC775C77** for the sample private key above

Import Public key to Github

To get your commit verified by Github like below

To get your public key

$ keybase pgp export

Then attach the key to Github

That’s it! Feel free to leave your comments.