Signing commits with GPG

4 years ago (edited)
This article was last modified 3 years ago, so parts of it may no longer apply. If in doubt, ask the author.

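Preface

GnuPG (GPG for short) is one of the most popular and most usable open-source encryption tools available today. GPG has many uses, such as encrypting files and e-mail. This article covers how to use GPG to sign GitHub commits. When browsing the commits of some projects on GitHub, you will occasionally see the label "This commit was signed with a verified signature."

Getting started

The signing procedure is taken from 秋水逸冰's blog and the GitLab Docs.

1. Install Git and TortoiseGit

For how to install Git and TortoiseGit on Windows, see the article 《Git初学者:msysgit和tortoisegit》.

Official sites: https://git-scm.com and https://tortoisegit.org

2. Generate a key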

```bash
$ gpg --full-gen-key
Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
Your selection? 1
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 4096
Requested keysize is 4096 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0) 0
Key does not expire at all
Is this correct? (y/N) y
GnuPG needs to construct a user ID to identify your key.

Real name: Mr. Robot
Email address: <your_email>
Comment:
You selected this USER-ID:
    "Mr. Robot <your_email>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
```

List the secret keys to find the key ID (here `30F2B65B9246B6CA`):

```bash
$ gpg --list-secret-keys
sec   rsa4096/30F2B65B9246B6CA 2017-08-18 [SC]
      D5E4F29F3275DC0CDA8FFC8730F2B65B9246B6CA
uid                   [ultimate] Mr. Robot <your_email>
ssb   rsa4096/B7ABC0813E4028C0 2017-08-18 [E]
```

Export the public key in ASCII-armored form so it can be added to your GitHub account:

```bash
$ gpg --armor --export 30F2B65B9246B6CA
```

Tell Git which key to use and to sign every commit by default:

```bash
$ git config --global user.signingkey <your-key-id>
$ git config --global commit.gpgsign true
```

Everything was fine up to this point, but committing produced this:

```bash
$ git commit -S -m 'test'
error: gpg failed to sign the data
fatal: failed to write commit object
```

Let's try signing something arbitrary.

```bash
$ echo "test" | gpg --clearsign
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

test
gpg: signing failed: Inappropriate ioctl for device
gpg: failed: Inappropriate ioctl for device
```

That failed too.

Eventually I found the solution.

```bash
$ export GPG_TTY=$(tty)
```

Then try again:

```bash
$ echo "test" | gpg --clearsign
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

test
-----BEGIN PGP SIGNATURE-----

iQGzBAEBCgAdFiEEiTCsbQwHgLPA1jzpwDX/CUZGZk8FAl0GOpgACgkQwDX/CUZG
Zk/+RAv/aX0/V+imhH4K8gHXU3e2TTjy9LiRrdybNha1EduIzSObAH2EheqzmJW3
m0+bQ+30liw9wTxGw36ZDaRkpIf28Tiye0/1eA/mK9NWLreZcrRBdVxRxAtNJubW
KnncGAtlG0mlFv3ttF1NypYaHhcj7UvvTrSV6A/+deb/523INmedeTEjRIu9twhZ
DcqbJ13Uypz1RNDBchTaUOy5HdJ+qYpj1TObPgxcjj/mBcyutEZnfy0tHuhNY9qN
CxRuJKcnXq62u+mEuimiYbjptZJzZ1IHXCqRQm/p3RjPK+p60kW/LBXA6l21+xMG
+n25fnuLrjUiLUO+K5bY6JPYEDvh2QqNtiC0OxyKByKUQCpr8mdXUdSWkpJcQztu
roeReWJZ9d19WcYn3gozlPlPH42nEGTObwmjMsHCWeAsTdb334N5yMoNfqh6GWI4
J25SqjOQfFUfJ/uDCAQdI+xH9OnNDXXF/8fouVMnGqQ8hmJZ4lJq2WyC0cwftMJA
yttCQOEI
=7ocx
-----END PGP SIGNATURE-----
```

It worked. Now try the commit again:

```bash
$ git commit -S -m 'test'
[master 1ad79dc] test
 1 file changed, 191 insertions(+), 191 deletions(-)
```

That works.

Finally

Write `export GPG_TTY=$(tty)` to `.zshrc` so that it is set in every new shell.

```bash
$ echo 'export GPG_TTY=$(tty)' >> ~/.zshrc
```
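
A preflight check for the two things `git commit -S` depends on in this post, `GPG_TTY` being set and `user.signingkey` naming a secret key that can sign, as an added example that is not part of the original post. The function names and the colon-format sample listing are constructed for illustration (the key IDs are the ones from the `gpg --list-secret-keys` output above); a `user.signingkey` given as an e-mail address is not handled.

```bash
#!/usr/bin/env bash
# Added example: preflight for `git commit -S`. Helper names are hypothetical.

# stdin: `gpg --list-secret-keys --with-colons` output. Prints the key ID (field 5)
# of every secret key that can sign (field 12 contains "s") and whose validity
# (field 2) is not invalid, revoked, expired, disabled or never-valid.
signing_key_ids() {
  awk -F: '($1 == "sec" || $1 == "ssb") && $2 !~ /^[iredn]/ && $12 ~ /s/ { print $5 }'
}

# $1: user.signingkey value (key ID or fingerprint; "0x" prefix, "!" suffix allowed).
# stdin: key IDs, one per line. Succeeds if $1 names one of them; a fingerprint
# matches because a v4 key ID is the last 16 hex digits of the fingerprint.
key_is_usable() {
  local want="${1#0x}" id
  want=$(printf '%s' "${want%\!}" | tr 'a-f' 'A-F')
  [ -n "$want" ] || return 1
  while read -r id; do
    [ -n "$id" ] || continue
    case "$id" in *"$want") return 0 ;; esac
    case "$want" in *"$id") return 0 ;; esac
  done
  return 1
}

# $1: GPG_TTY value, $2: user.signingkey value, stdin: colon-format key listing.
# Prints one line per problem and returns the number of problems found.
preflight() {
  local tty_val="$1" key="$2" problems=0
  if [ -z "$tty_val" ]; then
    echo "GPG_TTY is unset: expect 'Inappropriate ioctl for device' when signing"
    problems=$((problems + 1))
  fi
  if ! signing_key_ids | key_is_usable "$key"; then
    echo "user.signingkey '$key' matches no usable secret signing key"
    problems=$((problems + 1))
  fi
  return "$problems"
}

# Constructed sample listing for the key shown in the post: primary [SC], subkey [E].
SAMPLE='sec:u:4096:1:30F2B65B9246B6CA:1503014400:::u:::scESC:
fpr:::::::::D5E4F29F3275DC0CDA8FFC8730F2B65B9246B6CA:
ssb:u:4096:1:B7ABC0813E4028C0:1503014400::::::e:'

# Demo: empty GPG_TTY plus the encryption-only subkey as signing key -> 2 problems.
printf '%s\n' "$SAMPLE" | preflight "" B7ABC0813E4028C0 || echo "problems found: $?"
# Live use:
#   gpg --list-secret-keys --with-colons | preflight "$GPG_TTY" "$(git config user.signingkey)"
```
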