Signing, or code signing specifically, is the process of using cryptography to add a digital signature to data. The receiver of the data can verify that the signature is authentic, and therefore must have come from the signatory. It's like a physical signature, but digital and more reliable.
Clearly, this is the first question that comes to mind when you hear about signing Git commits.
If you use Git, you may already know that you can set the commit author name and email with a simple command. Git does not check these values, so the author field on an unsigned commit is not proof of who made it.
git config --global user.name "YOUR_GITHUB_USERNAME"
git config --global user.email "YOUR_GITHUB_EMAIL"
gpg --full-generate-key
gpg --list-secret-keys --keyid-format LONG
/Users/hubot/.gnupg/secring.gpg
------------------------------------
sec 4096R/3AA5C34371567BD2 2016-03-10 [expires: 2017-03-10]
uid Hubot
ssb 4096R/42B317FD4BA89E7A 2016-03-10
gpg --send-keys 3AA5C34371567BD2
Don't worry: this command sends only your public key. It never sends your secret key.
Now export your public key using its key ID.
gpg --armor --export 3AA5C34371567BD2
Copy everything from -----BEGIN PGP PUBLIC KEY BLOCK----- through -----END PGP PUBLIC KEY BLOCK-----, including both marker lines.
-----BEGIN PGP PUBLIC KEY BLOCK-----
<Long Random Text>
-----END PGP PUBLIC KEY BLOCK-----
which gpg
/usr/bin/gpg
git config --global gpg.program "/usr/bin/gpg"
gpg --list-secret-keys --keyid-format LONG
/home/suhail/.gnupg/pubring.kbx
-------------------------------
sec rsa3072/3AA5C34371567BD2 2022-10-30 [SC] [expires: 2024-10-29]
F7EFC23FF92C79301F40847852AE60C1EE3A6501
uid [ultimate] suhailroushan <suhailroushan13@gmail.com>
ssb rsa3072/AD20B7AA5EFC0B10 2022-10-30 [E] [expires: 2024-10-29]
Your key ID is 3AA5C34371567BD2, taken from the sec line.
git config --global user.signingkey 3AA5C34371567BD2
git config --global commit.gpgsign true
[tag]
gpgsign = true
export GPG_TTY=$(tty)
git clone git@github.com:suhailroushan13/Signed-Commits.git
Make your changes, then stage, commit and push them.
git add .
git commit -m "Changes Done"
git push origin master
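To confirm that pushed commits really carry a usable signature, the following added example (not part of the original post) classifies the per-commit signature status that `git log --pretty='%G? %h %ae'` prints. The function names and the sample log lines are assumptions constructed for illustration; the `%G?` status codes are the ones documented in git-log(1).

```shell
#!/bin/sh
# Added example: flag commits whose signature is missing or cannot be trusted.
# Each input line is what `git log --pretty='%G? %h %ae'` prints:
#   <status> <short-hash> <author-email>
# %G? codes: G good, U good but key validity unknown, X signature expired,
# Y key expired, R key revoked, B bad, E cannot be checked, N no signature.

audit_signatures() {
    # Reads log lines on stdin, prints one finding per rejected commit,
    # and returns non-zero if any commit was rejected.
    rejected=0
    while read -r status hash email; do
        case "$status" in
            "") continue ;;   # skip blank lines
            G)  continue ;;   # good signature from a key gpg trusts
            U)  reason="signed, but the key's validity is unknown locally" ;;
            X|Y) reason="signature or signing key has expired" ;;
            R)  reason="signed with a revoked key" ;;
            B)  reason="bad signature" ;;
            E)  reason="signature cannot be checked (public key missing?)" ;;
            N)  reason="not signed" ;;
            *)  reason="unrecognized status '$status'" ;;
        esac
        echo "$hash $email: $reason"
        rejected=$((rejected + 1))
    done
    [ "$rejected" -eq 0 ]
}

# Constructed sample input (hashes and addresses are made up). The second
# commit carries the same author email as the first but has no signature,
# which is what a commit made with a copied user.email looks like.
sample_log() {
    cat <<'EOF'
G 1a2b3c4 dev@example.invalid
N 5d6e7f8 dev@example.invalid
E 9a0b1c2 other@example.invalid
EOF
}

sample_log | audit_signatures || echo "unsigned or unverifiable commits found"
```

In a real repository, pipe `git log --pretty='%G? %h %ae'` into `audit_signatures` instead of the sample. A `U` result usually means the signer's public key is imported but has not been marked as trusted in your keyring.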