GPG signing for github & mac

I just went through a few steps to get gpg signing to work on my mac and show up on github. I wanted to quickly document the process since the instructions are a little bit scattered. All of it basically came from a few clicks on the github help pages, though, so thanks for all the info, github.

Step 1: Download and install GPG Suite

Step 2: Create a gpg key via GUI, but not really?
After I followed the GPG Suite wizard to create a gpg key, it for some reason did not show up in the GPG Keychain GUI. Maybe I accidentally clicked “cancel”. I don’t know. I ended up ignoring this and moving on to the next step.

Step 3: Create a gpg key via command line.

Step 4: Add that gpg key to GPG Keychain
While following instructions on Step 3, at one point you copy the public key to your clipboard. At this point, GPG Keychain notices that a gpg key is in your clipboard and asks if you want to import it. I said yes.

Step 5: Associate this GPG Key with your account on github

Step 6: Tell git to always sign my commits

git config --global commit.gpgsign true

Step 7: Make a commit as usual
This magically pops up a window asking for my passphrase.
I told the keychain to remember my passphrase after entering it.
On subsequent commits, it doesn’t ask me anymore.

The end. After these steps, my commits started being automagically signed. On github the commits show up as “Verified”. I assume that it might be important to have parity between your committer identity and the name/email you put on your commits. Since mine match, I just didn’t have to worry about it.
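
The parity check mentioned above can be scripted. This is an added example, not part of the original post: the function name `key_has_email` and the sample key listing are constructed for illustration, and the only assumption is the colon-delimited output of `gpg --list-secret-keys --with-colons`.

```shell
#!/bin/sh
# Added example: check that the commit e-mail is a usable user ID on the signing key.

# key_has_email EMAIL
# Reads `gpg --list-secret-keys --with-colons` output on stdin.
# Returns 0 if a uid record that is not revoked or expired ends in <EMAIL>.
key_has_email() {
    awk -F: -v want="$1" '
        BEGIN { want = tolower(want); found = 0 }
        # Field 1 = record type, field 2 = validity, field 10 = user ID string.
        $1 == "uid" && $2 != "r" && $2 != "e" {
            n = split(tolower($10), parts, "<")
            addr = parts[n]
            sub(/>.*/, "", addr)
            if (n > 1 && addr == want) found = 1
        }
        END { exit !found }
    '
}

# Constructed sample listing (not a real key): one valid and one revoked user ID.
sample_listing() {
    cat <<'EOF'
sec:u:4096:1:AAAAAAAAAAAAAAAA:1500000000:::u:::scESC:::+:::23::0:
fpr:::::::::000000000000000000000000AAAAAAAAAAAAAAAA:
uid:u::::1500000000::0000000000000000000000000000000000000000::Example Dev <dev@example.com>::::::::::0:
uid:r::::1500000000::1111111111111111111111111111111111111111::Example Dev <old@example.com>::::::::::0:
EOF
}

for email in dev@example.com old@example.com; do
    if sample_listing | key_has_email "$email"; then
        echo "$email: present on the key"
    else
        echo "$email: NOT on the key (or that user ID is revoked/expired)"
    fi
done

# On a real machine, feed it the actual key and git identity:
#   gpg --list-secret-keys --with-colons "$(git config user.signingkey)" \
#       | key_has_email "$(git config user.email)"
```

A non-zero exit means the address in `user.email` is not a live user ID on the key that git is configured to sign with.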


About Dan Burton

I love functional programming and awesome type systems, which makes Haskell my obvious language of choice.

2 Responses to GPG signing for github & mac

  1. Dan Burton says:

    Note that if you upgrade your mac, it will start using gpg2 instead of gpg1. This may cause problems. Here’s how I fixed it:

    $ brew install pinentry-mac
    $ echo 'use-agent' >> ~/.gnupg/gpg.conf
    $ echo 'pinentry-program /usr/local/bin/pinentry-mac' >> ~/.gnupg/gpg-agent.conf

  2. Dan Burton says:

    Set up a new mac, ran into issues yet again.

    Mostly followed the following suggestions for the solution:

    (However, pinentry-mac works just fine and seems to be more convenient than plain old pinentry.)

    At the end, my config files look like this:


    # no-emit-version


    pinentry-program /usr/local/bin/pinentry-mac


    gpgsign = true
    signingkey = <>
    name = Dan Burton
    email =
    program = gpg2
