Although the latest git release allows you to sign with SSH Keys (and GitHub will implement this shortly if it hasn't already), most systems do not have the latest git release, and most verification systems are not updated with the newest verification techniques, so you may wish to sign your commits with GPG, as has been done for the last 20 years...

Example output:

GnuPG Public Key ID: CA025BC42F00BBBE



Successfully updated ~/.gitconfig for gpg commit signing

How to verify signed commits on GitHub:

    1. Go to 'Add GPG Key':
    2. Copy and paste the key above from the first ---- to the last ----


These are the files / directories that are created and/or modified with this install:


How to add your GPG Public Key to GitHub

  1. Go to your GitHub Profile (
  2. Go to the SSH and GPG Keys (
  3. Add GPG Key (
  4. Paste the output of gpg-pubkey into the form

How to cache the Passphrase longer

If you'd like the passphrase to be cached until your login session ends, just set both cache TTLs in gpg-agent.conf (~/.gnupg/gpg-agent.conf by default) to 400 days (34560000 seconds) and call it good.


default-cache-ttl 34560000
max-cache-ttl 34560000

You'll need to reload gpg-agent for this to take effect, or just logout and login again.

# kill gpg-agent dead
killall gpg-agent
gpgconf --kill gpg-agent

# start gpg-agent again (yes, 'bye' to start)
gpg-connect-agent --agent-program ~/.local/opt/gnupg/bin/gpg-agent /bye

Note: You may need to change or omit --agent-program, depending on how you installed gpg (if you installed it with Webi, run it as shown above).

How to create a GPG Key


How to manually set up git commit gpg signing

(this is what git-config-gpg does)

Run gpg-pubkey-id to get your GnuPG Public Key ID and then update your ~/.gitconfig to sign with it by default:



MY_KEY_ID="$(gpg-pubkey-id)"

git config --global user.signingkey "${MY_KEY_ID}"
git config --global commit.gpgsign true
git config --global log.showSignature true

Or, for Windows users:

#!/usr/bin/env pwsh

$my_key_id = gpg-pubkey-id

git config --global user.signingkey "$my_key_id"
git config --global commit.gpgsign true
git config --global log.showSignature true

Or, if you prefer to edit the text file directly:


[user]
  signingkey = CA025BC42F00BBBE
[commit]
  gpgsign = true
[log]
  showSignature = true
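
To confirm that a gitconfig really carries the three signing settings above, here is an added example (not part of git-config-gpg or Webi). The function names and the sample file are constructed, and it parses the file with awk so it runs without git or gpg installed.

```sh
#!/bin/sh
# Added example: audit a gitconfig-format file for the signing settings
# configured above. Function names and the sample file are constructed.
# Plain awk, so it does not follow git's include directives.

# Print "section.key=value" per entry; git treats both names as
# case-insensitive, so they are lowercased.
gitconfig_entries() {
    awk '
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/ {
            s = $0; sub(/^[ \t]*\[[ \t]*/, "", s); sub(/[ \t]*\].*$/, "", s)
            section = tolower(s); next
        }
        /=/ {
            k = $0; sub(/[ \t]*=.*$/, "", k); sub(/^[ \t]*/, "", k)
            v = $0; sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t]+$/, "", v)
            print section "." tolower(k) "=" v
        }
    ' "$1"
}

# Last assignment wins, as in git.
config_value() {
    printf '%s\n' "$1" | awk -F= -v want="$2" \
        '$1 == want { sub(/^[^=]*=/, ""); v = $0 } END { print v }'
}

# Print one line per problem; return 0 only if signing is fully configured.
audit_signing_config() {
    entries=$(gitconfig_entries "$1")
    problems=0
    if [ -z "$(config_value "$entries" user.signingkey)" ]; then
        echo "user.signingkey is unset"; problems=1
    fi
    for name in commit.gpgsign log.showsignature; do
        val=$(config_value "$entries" "$name")
        case "$val" in
            true|yes|on|1) ;;
            *) echo "$name is ${val:-unset}, expected true"; problems=1 ;;
        esac
    done
    return "$problems"
}

# Constructed sample: key configured, but commit signing left off.
sample=$(mktemp)
printf '[user]\n  signingkey = CA025BC42F00BBBE\n[commit]\n  gpgsign = false\n' > "$sample"
audit_signing_config "$sample" || echo "signing is not fully configured"
rm -f "$sample"
```

Point it at your own file with `audit_signing_config ~/.gitconfig`; a non-zero exit status means commits will not be signed by default.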

In some cases you may also want to prevent conflicts between different installed versions of gpg, like so:

git config --global gpg.program ~/.local/opt/gnupg/bin/gpg

[gpg]
  program = /Users/me/.local/opt/gnupg/bin/gpg

Troubleshooting 'gpg failed to sign the data'

gpg is generally expected to be used with a Desktop client. On Linux servers you may get this error:

error: gpg failed to sign the data
fatal: failed to write commit object

Try to load the gpg-agent, set GPG_TTY, and then run a clearsign test.

gpg-connect-agent /bye
export GPG_TTY=$(tty)
echo "test" | gpg --clearsign

If that works, update your ~/.bashrc, ~/.zshrc, and/or ~/.config/fish/ to include the following:

gpg-connect-agent /bye
export GPG_TTY=$(tty)

If this is failing on Mac or Windows, then gpg-agent is not starting as expected on login (for Mac the above may work), and/or the pinentry command is not in the PATH.

If you just installed gpg, try closing and reopening your Terminal, or possibly rebooting.


