Tutorial How to use PGP with Github Desktop for Windows

Bluscream

Retired Staff
Contributor
May 8, 2015
967
934
211
A few days ago I saw a commit by someone having a [image] checkmark. And I was like "This is cool, I want it too xD". So I started browsing GitHub's FAQ searching for it. Sadly the first site I found told me
[image]

And I was like "F*CK YOU GITHUB". So I figured it out myself (had some problems and a short email conv with the guy that I first saw the checkmark on) and now I'm going to share it with you :D
  1. Add a new user/system variable %GNUPGHOME%
  2. (Restart your PC)
  3. Get and install GPG4Win.
  4. Add a new OpenPGP Key Certificate with Kleopatra [It was installed with GPG4Win] (The email must match your github login email) (DON'T PASSWORD PROTECT IT [JUST LEAVE THE PASSWORD FIELD EMPTY])
  5. Check if everything worked by taking a look at the %USERPROFILE%\.gnupg folder (It should be full of files)
  6. Now open a command line and enter gpg --armor --export <your github login email>
  7. (If nothing comes up try to find your key with gpg --list-secret-keys --keyid-format LONG)
  8. Copy the output to your clipboard, open https://github.com/settings/keys, click on "New GPG key", paste the block of text in there and click "Click add GPG key".
  9. Open GitHub Desktop, right-click on any repo and click on "Open in Git Shell". It should bring up a window like this.
  10. Enter git config --global --edit and check if the following entries already exist. If not, add them!
    Code:
    [user]
        name = <YOUR GITHUB NAME>
        email = <YOUR GITHUB LOGIN EMAIL>
        signingkey = <YOUR SHORT KEY HASH>
    [commit]
        gpgsign = true
  11. Repeat the same with git config --system --edit.
  12. Restart your github desktop and maybe your pc and try a test commit.
  13. Enjoy
If you encounter an issue please post it here or mail me at admin[at]timo.de.vc
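For steps 7 and 10 above, an added example (not part of the original post) that picks the key to put in `signingkey` from gpg's machine-readable listing and uses the full fingerprint, since short key IDs are not unique. It assumes a POSIX shell such as Git Bash; the function names and the sample keys are made up for illustration.

```shell
#!/bin/sh
# Added example: pick user.signingkey from `gpg --list-secret-keys --with-colons`.

# Constructed sample listing (fake keys): an expired key for dev@, a usable key
# for a look-alike address, and the usable dev@ key with an encryption subkey.
sample_listing() {
cat <<'EOF'
sec:e:2048:1:1111222233334444:1400000000:1431536000::u:::scESC:::+:::23::0:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF1111222233334444:
uid:e::::1400000000::HASH1::Dev Old <dev@example.com>::::::::::0:
sec:u:4096:1:9999000099990000:1430000000:::u:::scESC:::+:::23::0:
fpr:::::::::0000111122223333444455559999000099990000:
uid:u::::1430000000::HASH3::CI Bot <xdev@example.com>::::::::::0:
sec:u:4096:1:5555666677778888:1430000000:::u:::scESC:::+:::23::0:
fpr:::::::::0123456789ABCDEF012345675555666677778888:
uid:u::::1430000000::HASH2::Dev Name <dev@example.com>::::::::::0:
ssb:u:4096:1:AAAA0000BBBB1111:1430000000::::::e:::+:::23:
fpr:::::::::FEDCBA9876543210FEDCBA98AAAA0000BBBB1111:
EOF
}

# $1 = email; colon listing on stdin. Prints the primary-key fingerprint of the
# first usable signing key for that address; exit status 1 if there is none.
signing_fpr_for_email() {
    awk -F: -v want="<$1>" '
        BEGIN { want = tolower(want) }
        # New primary key: usable only if not revoked/expired/invalid/disabled
        # and the key as a whole can sign (uppercase S in field 12).
        $1 == "sec" { ok = ($2 !~ /^[reid]$/ && $12 ~ /S/); need_fpr = 1; next }
        # Subkeys emit fpr records too; only the first one after sec is the primary.
        $1 == "fpr" && need_fpr { fpr = $10; need_fpr = 0; next }
        # Match the address with its angle brackets so dev@ does not hit xdev@.
        $1 == "uid" && ok && $2 !~ /^[re]$/ && index(tolower($10), want) {
            print fpr; found = 1; exit
        }
        END { exit !found }
    '
}

# $1 = 40-hex fingerprint. Prints the git commands; it does not run them.
git_config_lines() {
    [ ${#1} -eq 40 ] || { echo "no usable signing key" >&2; return 1; }
    printf 'git config --global user.signingkey %s\n' "$1"
    printf 'git config --global commit.gpgsign true\n'
}

# Demo on the constructed listing. With real keys, pipe in
# `gpg --list-secret-keys --with-colons` instead of sample_listing.
git_config_lines "$(sample_listing | signing_fpr_for_email dev@example.com)"
```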
 

Derp

Retired Staff
Contributor
Apr 30, 2015
933
1,017
217
Oh so now people use pgp verified commits just because "it looks cool"...what in the actual living fuck?

"(DON'T PASSWORD PROTECT IT [JUST LEAVE THE PASSWORD FIELD EMPTY])"

Unprotected PGP private key? What is the real purpose of this tutorial? This is definitely not "How to use PGP with Github Desktop on Windows"; it's more like "How to enable the "cool" 'Verified' mark on commits, ignoring the real purpose of PGP".
 

Bluscream

The reason behind the missing password on the key is simple. It doesn't work. Maybe it works on Linux, but on Windows it gives strange errors that you can't bypass. If you want supported (real/protected) PGP you should simply use another git client or wait for an update that adds this feature in a supported way to the official client. And yes, it is cool :cool:

btw. The PGP encryption itself does work, so just cause there is no password on a key doesn't mean it's useless ;)
 

Derp

There is no such thing as "Unprotected PGP". The idea is: you use PGP? You're looking for a way to verify it is really you who is committing the changes (in this scenario), not "Use it just to get the cool verified mark on your commits".

"PGP encryption itself does work, so just cause there is no password on a key doesn't mean it's useless"

You are never using PGP to encrypt any communication; you are using PGP to sign your commit. By not securing your PGP key you are defeating the purpose of PGP signing. Somebody could simply use your PC or steal your PGP key and impersonate you, and you really don't want that.
 