I just went through a few steps to get gpg signing to work on my mac and show up on github. I wanted to quickly document the process since the instructions are a little bit scattered. All of it basically came from a few clicks on the github help pages, though, so thanks for all the info, github.
Step 1: Download and install GPG Suite
Step 2: Create a gpg key via GUI, but not really?
After I followed the GPG Suite wizard to create a gpg key, it for some reason did not show up in the GPG Keychain GUI. Maybe I accidentally clicked “cancel”. I don’t know. I ended up ignoring this and moving on to the next step.
Step 3: Create a gpg key via command line.
Step 4: Add that gpg key to GPG Keychain
While following instructions on Step 3, at one point you copy the public key to your clipboard. At this point, GPG Keychain notices that a gpg key is in your clipboard and asks if you want to import it. I said yes.
Step 5: Associate this GPG Key with your account on github
Step 6: Tell git to always sign my commits
git config --global commit.gpgsign true
Step 7: Make a commit as usual
This magically pops up a window asking for my passphrase.
I told the keychain to remember my passphrase after entering it.
On subsequent commits, it doesn’t ask me anymore.
The end. After these steps, my commits started being automagically signed. On github the commits show up as “Verified”. I assume that it might be important to have parity between your committer identity and the name/email you put on your commits. Since mine match, I just didn’t have to worry about it.