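GnuPG (GPG for short) is one of the most popular and easiest-to-use open-source encryption tools. GPG has many uses, such as encrypting files and email. This post covers how to use GPG to sign GitHub commits. When browsing the commits of some projects on GitHub, you will occasionally see the note "This commit was signed with a verified signature."

The signing procedure is quoted from 秋水逸冰's blog and the GitLab Docs.

1. Install Git and TortoiseGit

For how to install Git and TortoiseGit on Windows, see the article 《Git初学者:msysgit和tortoisegit》 ("Git for Beginners: msysgit and tortoisegit"). Official website:

2. Generate a key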
```bash
gpg --full-gen-key
```
```bash
Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
Your selection? 1
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 4096
Requested keysize is 4096 bits
Please specify how long the key should be valid.
   0 = key does not expire
   <n> = key expires in n days
   <n>w = key expires in n weeks
   <n>m = key expires in n months
   <n>y = key expires in n years
Key is valid for? (0) 0
Key does not expire at all
Is this correct? (y/N) y
GnuPG needs to construct a user ID to identify your key.

Real name: Mr. Robot
Email address: <your_email>
Comment:
You selected this USER-ID:
    "Mr. Robot <your_email>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
$ gpg --list-secret-keys
sec   rsa4096/30F2B65B9246B6CA 2017-08-18 [SC]
      D5E4F29F3275DC0CDA8FFC8730F2B65B9246B6CA
uid   [ultimate] Mr. Robot <your_email>
ssb   rsa4096/B7ABC0813E4028C0 2017-08-18 [E]
$ gpg --armor --export 30F2B65B9246B6CA
```
```bash
git config --global user.signingkey <your-key-id>
git config --global commit.gpgsign true
```
Everything up to this point went fine, but committing produced this:
```bash
$ git commit -S -m 'test'
error: gpg failed to sign the data
fatal: failed to write commit object
```
Try signing something arbitrary:
```bash
$ echo "test" | gpg --clearsign
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

test
gpg: signing failed: Inappropriate ioctl for device
gpg: [stdin]: clear-sign failed: Inappropriate ioctl for device
```
That failed as well.

Eventually I found the solution:
```bash
$ export GPG_TTY=$(tty)
```
Then try again:
```bash
$ echo "test" | gpg --clearsign
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

test
-----BEGIN PGP SIGNATURE-----
...
=7ocx
-----END PGP SIGNATURE-----
```
That worked. Now try the commit again:
```bash
$ git commit -S -m 'test'
[master 1ad79dc] test
 1 file changed, 191 insertions(+), 191 deletions(-)
```
It works now.

To make the fix apply to every new shell, add export GPG_TTY=$(tty) to .zshrc:
```bash
echo 'export GPG_TTY=$(tty)' >> ~/.zshrc
```
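
The two preconditions this walkthrough relies on, a GPG_TTY that points at a terminal and a secret key behind user.signingkey that can actually sign, can be checked before running `git commit -S`. The script below is an added example, not code from the original post; the function names and the sample listing are constructed, and it assumes the key ID is given without a `0x` prefix.

```bash
#!/bin/sh
# Added example, not from the original post. Pre-flight checks for `git commit -S`.

# tty_ready VALUE: VALUE is normally "$GPG_TTY". gpg-agent hands it to pinentry,
# which needs a terminal device to ask for the passphrase.
tty_ready() { [ -n "$1" ] && [ -c "$1" ]; }

# can_sign KEYID: reads `gpg --list-secret-keys --with-colons` on stdin.
# KEYID may be a long key ID or a full fingerprint (no "0x" prefix, assumption).
# Exit 0: the key containing KEYID can sign. 1: no such secret key.
# 2: key found, but expired/revoked/invalid or without usable sign capability.
can_sign() {
    awk -F: -v want="$(printf '%s' "$1" | tr 'a-f' 'A-F')" '
        # Field 12 of a "sec" record: uppercase letters are the usable
        # capabilities of the whole key (primary plus subkeys); D = disabled.
        $1 == "sec" { usable = ($2 !~ /[ire]/ && $12 ~ /S/ && $12 !~ /D/) }
        $1 == "sec" || $1 == "ssb" {
            n = (length(want) < length($5)) ? length(want) : length($5)
            if (n > 0 && substr($5, length($5) - n + 1) == substr(want, length(want) - n + 1)) {
                found = 1
                if (usable) ok = 1
            }
        }
        END { exit (ok ? 0 : (found ? 2 : 1)) }'
}

# Constructed sample listing: key IDs and fingerprint taken from the post's
# `gpg --list-secret-keys` output, all other fields made up; the second key
# is a made-up expired one.
sample_listing() {
    cat <<'EOF'
sec:u:4096:1:30F2B65B9246B6CA:1503014400:::u:::scESC:::+:::23::0:
fpr:::::::::D5E4F29F3275DC0CDA8FFC8730F2B65B9246B6CA:
ssb:u:4096:1:B7ABC0813E4028C0:1503014400::::::e:::+:::23:
sec:e:2048:1:AAAAAAAAAAAAAAAA:1400000000:1431536000::u:::sc:::+:::23::0:
EOF
}

# Live use (needs git and gpg):
#   tty_ready "$GPG_TTY" || echo 'run: export GPG_TTY=$(tty)'
#   gpg --list-secret-keys --with-colons | can_sign "$(git config user.signingkey)"
```

An exit status of 2 from `can_sign` points at the key itself (expired, revoked, or no signing capability), while a failing `tty_ready` corresponds to the "Inappropriate ioctl for device" case shown above.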