You will be prompted to confirm that the key file is yours. Launch Kleopatra, click 'Import' or simply Ctrl + I and pick a private key file created above: $ gpg -export-secret-key -a C8528BF2 > private.asc Your private key is saved to private.asc file. Replace KEY_ID with your key id copied above. Now export your private key with command gpg -export-secret-key -a > private.asc. For this example, the GPG key ID is C8528BF2. $ gpg -list-secret-keysįrom the list of GPG keys, copy the GPG key ID you'd like to use. Open up Git Bash shell and use gpg -list-secret-keys command to list GPG keys for which you have both a public and private key. You can optionally back up the generated key, just in case. Type a passphrase to secure your key:ĭone. Review your information and key parameters, and press "Create Key": In Key Material section, set both RSA key size to the maximum value of 4096: Choose "New Key Pair" or simply Ctrl + N:Įnter your name and e-mail address, and move to 'Advanced Settings.': Start up Kleopatra, the gpg4win key manager. Be sure gpg4win is installed for both paths. If you are first to this or want to start over, follow 'Part 1-1' and skip 'Part 1-2'. This post consists of two paths: if you already have generated GPG key, go directly to 'Part 1-2'. gpg4win utilizes gpg-agent and pinentry, a small collection of dialog programs, to allow GnuPG to read passphrases from a user in a secure manner. But how about in GUI applications? The answer is "They can't".īut thanks to gpg4win, interacting with GUI applications becomes quite simple. In the command line, we just type a passphrase, done. Most of GUI-based VCS applications like SourceTree uses git.exe internally, which is exactly same as what we used in the Git Bash shell, to do their works.įor instance, SourceTree, utilizes `git.exe` internally to do their works.īut here is the question: "How these applications cope with my key passphrase when signing commits?".
#SIGN INTO GITHUB WITH SOURCETREE FOR WINDOWS WINDOWS#
However, most Windows users might want to use GUI-based Git applications like SourceTree, but using it with GPG sign enabled is always a real pain. Thankfully, Git for windows provides the command-line version of GPG out of the box. To prevent this mess, Git allows us to sign commits using GPG (GNU Privacy Guard) to identify our works. Check out A Git Horror Story: Repository Integrity With Signed Commits by Mike Gerwitz to see how this can be worse. This also means that anyone can use your identity. Simply putting user.name and user.email in. Git allows us to commit as anyone we want. SourceTree) 19 January 2018 on git, gpg, openpgp, sourcetree, gpg4win, Kleopatra Menu Signing Git commits with GPG on Windows (feat.
0 kommentar(er)
