Configure a GitHub GPG Key in Windows and WSL
We can configure Git locally to sign commits with a GPG key. GitHub then marks those commits as verified, so other people can be confident that the changes come from a trusted source.
Requirements
- Git installed on Windows.
- Git installed on WSL.
Install required programs
First we need to install GnuPG. It can be installed from:
- Winget:
winget install "GnuPG.GnuPG" --source winget --accept-package-agreements --accept-source-agreements --silent;
- Chocolatey:
choco install gnupg -y;
- Manually from its website:
Generate a GPG key
If you have installed gnupg from the command line using Winget or Chocolatey, you must restart the console or refresh the environment variables.
Open a Windows PowerShell command window.
Run this command to generate the GPG key:
gpg --full-generate-key
It will prompt for several values. Use these:
- Kind: RSA & RSA.
- Key Size: 4096 bits.
- Expiration: 0 (Never expires).
- Real Name: Use your GitHub username.
- Email: Use your GitHub email. This will be the alias of the GPG key.
- Comment: You can leave this empty.
Configure Git for Windows
Open a Windows PowerShell command window.
First locate where gnupg is installed and save it into a variable:
$gnupgPath = where.exe gpg
Configure Git to use gnupg as the GPG program:
git config --global gpg.program $gnupgPath
Configure Git to sign all commits by default:
git config --global commit.gpgsign true
Configure Git to use your GPG key as the signing key:
git config --global user.signingkey "Use the alias of the GPG key here"
Optional: Configure Git to sign all tags by default:
git config --global tag.gpgsign true
Configure Git for WSL (Windows Subsystem for Linux)
Open a Windows PowerShell command window.
First locate where gnupg is installed and save it into a variable:
$gnupgPath = where.exe gpg
Translate the path to WSL:
$gnupgWslPath = wsl wslpath $gnupgPath
Configure Git to use gnupg as the GPG program:
wsl git config --global gpg.program $gnupgWslPath
Configure Git to sign all commits by default:
wsl git config --global commit.gpgsign true
Configure Git to use your GPG key as the signing key:
wsl git config --global user.signingkey "Use the alias of the GPG key here"
Optional: Configure Git to sign all tags by default:
wsl git config --global tag.gpgsign true
Configure the GPG key in GitHub
We export the key using:
gpg --armor --export "Use the alias of the GPG key here"
Now open the GitHub page for adding a GPG key:
Place the returned text in the text box and press Add.
And that's it. Git and GitHub are now configured to sign all commits from Windows and WSL.
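To confirm the setup before pushing anything, the following PowerShell script (an added example, not part of the original guide) prints the signing settings for Windows and WSL, checks that gpg holds the secret key named in user.signingkey, and verifies a signed commit in a throwaway repository. It assumes user.name and user.email are already set in the global Git config; the "sigtest-" folder name is made up for this example.

```powershell
# Added example: sanity-check the signing setup from Windows PowerShell.
# Assumes user.name and user.email are already set in the global Git config.

# 1. Show the settings written by the steps above, for Windows and for WSL.
foreach ($key in 'gpg.program', 'user.signingkey', 'commit.gpgsign') {
    $win = git config --global --get $key
    $wsl = wsl git config --global --get $key
    '{0,-16} Windows: {1}   WSL: {2}' -f $key, $win, $wsl
}

# 2. The configured program must exist, and gpg must hold the SECRET key
#    for user.signingkey; a public key alone cannot sign.
$gpg   = git config --global --get gpg.program
$keyId = git config --global --get user.signingkey
if (-not $gpg -or -not (Test-Path -LiteralPath $gpg)) {
    throw "gpg.program not found: $gpg"
}
& $gpg --list-secret-keys --keyid-format long $keyId
if ($LASTEXITCODE -ne 0) { throw "No secret key for '$keyId'" }

# 3. Create a throwaway repository, commit, and verify the signature locally.
#    "sigtest-<guid>" is a constructed temporary folder name.
$repo = Join-Path ([System.IO.Path]::GetTempPath()) ("sigtest-" + [guid]::NewGuid())
git init --quiet $repo
try {
    # commit.gpgsign=true makes this commit signed without passing -S.
    git -C $repo commit --quiet --allow-empty -m 'signing test'
    if ($LASTEXITCODE -ne 0) { throw 'Commit failed; see the gpg error above' }

    # verify-commit exits non-zero when the signature is missing or invalid.
    git -C $repo verify-commit HEAD
    if ($LASTEXITCODE -ne 0) { throw 'Commit is not signed by a valid key' }
    'OK: commits are signed and verify locally'
}
finally {
    Remove-Item -LiteralPath $repo -Recurse -Force
}
```

A local pass only shows that Git can sign with the key; GitHub marks commits as verified once the exported public key has been added to the account.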