Bboysoul's Blog


Enabling Git commit signing

February 2, 2024. This post is 1028 characters long and takes about 3 minutes to read.

Introduction

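Git commit signing is a verification mechanism used to confirm that a commit was made by a specific developer, which makes the origin of the code verifiable. In this post we will create a GPG key and use it to sign Git commits through the following steps.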

Creating a GPG key

First, we need to create a new GPG key. In your terminal, enter the following command:

gpg --full-generate-key

You will then be shown a list of choices, like this:

Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)

Here we choose “RSA and RSA” as the key type.

Next, choose the key length. Here we choose the maximum, 4096 bits.

Then set how long the key is valid. Here we choose “0”, which means the key never expires.

Finally, enter your real name and email address. Note that this email address should be the same as the email address of your GitHub account.

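Last, it asks you to enter a passphrase for the key. For convenience I did not set a passphrase here; it prompts twice, and after you confirm twice that you do not want a passphrase the key is created successfully. The full session is as follows: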

gpg (GnuPG) 2.2.27; Copyright (C) 2021 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
  (14) Existing key from card
Your selection? 1
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (3072) 4096
Requested keysize is 4096 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0) 0
Key does not expire at all
Is this correct? (y/N) y

GnuPG needs to construct a user ID to identify your key.

Real name: bboysoul
Email address: [email protected]
Comment: bboysoul
You selected this USER-ID:
    "bboysoul (bboysoul) <[email protected]>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: /root/.gnupg/trustdb.gpg: trustdb created
gpg: key B56AE528749E4720 marked as ultimately trusted
gpg: directory '/root/.gnupg/openpgp-revocs.d' created
gpg: revocation certificate stored as '/root/.gnupg/openpgp-revocs.d/C9629863614001FEA5D09F46B56AE528749E4720.rev'
public and secret key created and signed.

pub   rsa4096 2024-02-02 [SC]
      C9629863614001FEA5D09F46B56AE528749E4720
uid                      bboysoul (bboysoul) <[email protected]>
sub   rsa4096 2024-02-02 [E]

Viewing and exporting the key

After creating the key, we can view it with the following command:

gpg --list-secret-keys --keyid-format LONG

Then we need to export the key we just created. Here we use the following command to export it:

gpg --armor --export YOUR_KEY_ID

Here, YOUR_KEY_ID is the string that follows rsa4096 in the output of the previous step.

Finally, add your public key to GitHub. You can add it on the GitHub settings keys page.

Configuring Git

Next, we need to tell Git to use the GPG key we just created. First, we set the global signingkey:

git config --global user.signingkey YOUR_KEY_ID

Then we turn on GPG signing:

git config --global commit.gpgsign true

Troubleshooting common problems

If you run into the following error when committing:

error: gpg failed to sign the data
fatal: failed to write commit object

This may be caused by your shell environment. You can resolve it by adding the following environment variable:

export GPG_TTY=$(tty)

You have now successfully configured Git commit signing. Every time you commit, Git signs the commit with your GPG key, confirming where the code came from.
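
To check that the configuration above is taking effect, git can report a signature status for each commit through the %G? placeholder of git log. The following is an added example, not part of the original post: it classifies that output and lists every commit that is not cleanly signed. The function names and sample lines are constructed for illustration; the key ID is the one shown in the session above.

```shell
#!/bin/sh
# Added example: audit commit signatures using git's %G? status codes.
# Real use:  git log --format='%H %G? %GK' | audit_signatures

# Map a %G? code to a verdict (codes as documented in git-log(1)).
sig_verdict() {
    case "$1" in
        G) echo "good" ;;
        U) echo "good signature, key validity unknown" ;;
        X) echo "good signature, but it has expired" ;;
        Y) echo "good signature, made by an expired key" ;;
        R) echo "good signature, made by a revoked key" ;;
        B) echo "BAD signature" ;;
        E) echo "cannot check (public key missing)" ;;
        N) echo "no signature" ;;
        *) echo "unrecognised status '$1'" ;;
    esac
}

# Read "<commit> <status> [<key id>]" lines on stdin, print every commit whose
# status is not G, and return 1 if at least one was printed, 0 otherwise.
audit_signatures() {
    failures=0
    while read -r commit status key; do
        [ -n "$commit" ] || continue      # skip blank lines
        [ "$status" = "G" ] && continue   # cleanly signed, nothing to report
        echo "$commit ${key:-no-key}: $(sig_verdict "$status")"
        failures=$((failures + 1))
    done
    [ "$failures" -eq 0 ]
}

# Constructed sample of `git log --format='%H %G? %GK'` output. The commit
# hashes and the all-zero key ID are invented placeholders.
sample_log() {
    cat <<'EOF'
1111111 G B56AE528749E4720
2222222 N
3333333 E 0000000000000000
4444444 Y B56AE528749E4720
EOF
}
```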

Feel free to follow my blog at www.bboy.app

Have Fun

