It is a powerful Git client that makes it easy to work and interact with Git repositories, both locally and remotely, using a GUI. To check everything works, make a commit somewhere.Sourcetree is a free, easy to use Git client for both Windows and Mac users that is built by Atlassian, the same company that owns the hugely popular bug tracking tool Jira. If you are using 32-bit Windows, or if you have installed gpg4win into another location, replace it with the correct location of the program. $ git config -global gpg.program "C:/Program Files (x86)/GNU/GnuPG/gpg2.exe" You can omit -global flag if you want to set default only for certain local repository.įinally, tell Git to use the gpg4win version of gpg.exe. To configure your Git client to sign commits automatically by default in any local repository on your computer, run: $ git config -global commit.gpgsign true In Git versions 2.0.0 and above, you don't have to specify -S for each commit anymore. $ git config -global user.signingkey C8528BF2įYI: The number in the rightmost column in Kleopatra window is your key ID Open up Git Bash shell, type this command replacing KEY_IDwith your own GPG key id. Keys are ready, but we need to tell Git to use gpg4win for signing commits instead of embedded gpg.exe. So far, we created/imported key to Kleopatra, which is default key manager for gpg4win. Part 2: Tell Git to interact with gpg4win You will be prompted to confirm that the key file is yours. ![]() Launch Kleopatra, click 'Import' or simply Ctrl + I and pick a private key file created above: $ gpg -export-secret-key -a C8528BF2 > private.asc Your private key is saved to private.asc file. Replace KEY_ID with your key id copied above. Now export your private key with command gpg -export-secret-key -a > private.asc. For this example, the GPG key ID is C8528BF2. $ gpg -list-secret-keysįrom the list of GPG keys, copy the GPG key ID you'd like to use. Open up Git Bash shell and use gpg -list-secret-keys command to list GPG keys for which you have both a public and private key. You can optionally back up the generated key, just in case. Type a passphrase to secure your key:ĭone. ![]() Review your information and key parameters, and press "Create Key": In Key Material section, set both RSA key size to the maximum value of 4096: Choose "New Key Pair" or simply Ctrl + N:Įnter your name and e-mail address, and move to 'Advanced Settings.': Start up Kleopatra, the gpg4win key manager. Be sure gpg4win is installed for both paths. If you are first to this or want to start over, follow 'Part 1-1' and skip 'Part 1-2'. This post consists of two paths: if you already have generated GPG key, go directly to 'Part 1-2'. gpg4win utilizes gpg-agent and pinentry, a small collection of dialog programs, to allow GnuPG to read passphrases from a user in a secure manner. But how about in GUI applications? The answer is "They can't".īut thanks to gpg4win, interacting with GUI applications becomes quite simple. In the command line, we just type a passphrase, done. Most of GUI-based VCS applications like SourceTree uses git.exe internally, which is exactly same as what we used in the Git Bash shell, to do their works.įor instance, SourceTree, utilizes `git.exe` internally to do their works.īut here is the question: "How these applications cope with my key passphrase when signing commits?". However, most Windows users might want to use GUI-based Git applications like SourceTree, but using it with GPG sign enabled is always a real pain. Thankfully, Git for windows provides the command-line version of GPG out of the box. To prevent this mess, Git allows us to sign commits using GPG (GNU Privacy Guard) to identify our works. Check out A Git Horror Story: Repository Integrity With Signed Commits by Mike Gerwitz to see how this can be worse. This also means that anyone can use your identity. Simply putting user.name and user.email in. Git allows us to commit as anyone we want. SourceTree) 19 January 2018 on git, gpg, openpgp, sourcetree, gpg4win, Kleopatra ![]() Menu Signing Git commits with GPG on Windows (feat.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |