How to Make Verified GitHub Commits
Dec 25, 2021

GitHub has a set of detailed instructions; however, if you know your way around a Linux shell and have a basic understanding of how keys work, this is a condensed TL;DR version.
With minimal effort, the whole sequence could also be automated in a shell script (including uploading the key to GitHub via the API).
Here is the sequence of commands, along with the relevant output:
gpg --generate-key

gpg --list-keys
pub rsa3072 2021-12-25 [SC] [expires: 2023-12-25]
A6D*******************************72EE84
uid [ultimate] Marco Massenzio <*@m****nz.io>
sub rsa3072 2021-12-25 [E] [expires: 2023-12-25]

GPG_KEY=A6D*******************************72EE84
gpg --keyserver keyserver.ubuntu.com \
    --send-keys $GPG_KEY

gpg --list-signatures --keyid-format 0xshort
pub rsa3072/0x0B*****4 2021-12-25 [SC] [expires: 2023-12-25]
A6D*******************************72EE84
uid [ultimate] Marco Massenzio <*@m****nz.io>
sig 3 0x0B*****4 2021-12-25 Marco Massenzio <*@m****nz.io>
sub rsa3072/0x4******D 2021-12-25 [E] [expires: 2023-12-25]
sig 0x0B*****4 2021-12-25 Marco Massenzio <*@m****nz.io>

GPG_ID="0x0B*****4"
gpg --armor --export $GPG_ID
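
The remark above that these steps could be scripted, including the upload through the GitHub API, worked out as an added example (not the author's script): it reads the fingerprint from gpg's machine-readable `--with-colons` listing instead of copying it by hand, then sends the armored key to GitHub's `POST /user/gpg_keys` endpoint. The `GITHUB_TOKEN` and `PUBLISH_FOR` variable names, the function names and the sample listing are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not the author's script. Assumes gpg 2.x, curl, and a
# GITHUB_TOKEN environment variable (assumed name) allowed to write GPG keys.

# Read `gpg --with-colons` output on stdin and print the fingerprint of each
# usable primary key: the "fpr" record right after "pub" (field 10). Field 2
# of "pub" is validity; e (expired), r (revoked), d (disabled) are skipped.
primary_fingerprints() {
  awk -F: '
    $1 == "pub" { want = ($2 !~ /^[erd]$/); next }
    $1 == "sub" { want = 0; next }
    $1 == "fpr" && want { print $10; want = 0 }'
}

# Wrap an ASCII-armored key (stdin) in the JSON body for POST /user/gpg_keys,
# turning every newline into the two-character escape \n.
github_payload() {
  printf '{"armored_public_key":"%s"}\n' "$(awk '{ printf "%s\\n", $0 }')"
}

# Constructed sample of colon-format output: one expired key, one valid key.
sample_listing() {
  cat <<'EOF'
pub:e:3072:1:1111111111111111:1577836800:1609459200::u:::sc::::::23::0:
fpr:::::::::1111111111111111111111111111111111111111:
pub:u:3072:1:89ABCDEF01234567:1640390400:1703462400::u:::scESC::::::23::0:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:u::::1640390400::0000::Example User <user@example.org>::::::::::0:
sub:u:3072:1:76543210FEDCBA98:1640390400:1703462400:::::e::::::23:
fpr:::::::::FEDCBA9876543210FEDCBA9876543210FEDCBA98:
EOF
}

# Publish and upload the key for one address, always by full fingerprint
# (short key IDs are not collision-resistant).
publish_key() {
  fpr=$(gpg --batch --with-colons --fingerprint --list-keys "$1" |
        primary_fingerprints | head -n 1)
  [ -n "$fpr" ] || { echo "no usable key for $1" >&2; return 1; }
  gpg --keyserver keyserver.ubuntu.com --send-keys "$fpr"
  payload=$(gpg --armor --export "$fpr" | github_payload)
  # The token goes to curl through a stdin config, not its command line.
  printf 'header = "Authorization: Bearer %s"\n' "${GITHUB_TOKEN:?not set}" |
    curl -fsS -K - -H 'Accept: application/vnd.github+json' \
      --data "$payload" https://api.github.com/user/gpg_keys
}

# Runs only on request: PUBLISH_FOR=you@example.org sh publish-key.sh
if [ -n "${PUBLISH_FOR:-}" ]; then publish_key "$PUBLISH_FOR"; fi
```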