Configure a GitHub GPG Key in Windows and WSL

We can configure Git locally to sign commits with a GPG key. GitHub will then mark those commits as verified, so other people can be confident that the changes come from a trusted source.

GitHub verified commits

Requirements

  • Git installed on Windows.
  • Git installed on WSL.

Install required programs

First we need to install gnupg. It can be installed from:

  • Winget:

    winget install "GnuPG.GnuPG" --source winget --accept-package-agreements --accept-source-agreements --silent;

  • Chocolatey:

    choco install gnupg -y;

  • Manually from its website:

    gnupg.org/download

Generate a GPG key

If you have installed gnupg from the command line using Winget or Chocolatey, you must restart the console or refresh the environment variables.

  1. Open a Windows PowerShell command window.

  2. Run this command to generate the GPG key:

    gpg --full-generate-key
    

    It will prompt for several values. Use these:

    • Kind: RSA & RSA.
    • Key Size: 4096 bits.
    • Expiration: 0 (Never expires).
    • Real Name: Use your GitHub username.
    • Email: Use your GitHub email; this will be the alias of the GPG key.
    • Comment: You can leave this empty.

Configure Git for Windows

  1. Open a Windows PowerShell command window.

  2. First locate where gnupg is installed and save it into a variable:

    $gnupgPath = where.exe gpg
    
  3. Configure Git to use gnupg as GPG program:

    git config --global gpg.program $gnupgPath
    
  4. Configure Git to sign all commits by default:

    git config --global commit.gpgsign true
    
  5. Configure Git to use your GPG key as the signing key:

    git config --global user.signingkey "Use the alias of the GPG key here"
    
  6. Optional: Configure Git to sign all tags by default:

    git config --global tag.gpgsign true
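
To check the Windows-side configuration end to end, the following PowerShell script reads back the settings, confirms that gpg holds the secret key, and verifies a throwaway signed commit. It is an added example, not part of the original guide; it assumes `user.name` and `user.email` are already set in Git, and the `sigtest-` directory name is arbitrary.

```powershell
# Added example (not from the original guide): verifies the Windows-side setup above.

# 1. Read back the values written by the `git config --global` steps.
$program    = git config --global --get gpg.program
$signingKey = git config --global --get user.signingkey
$autoSign   = git config --global --get commit.gpgsign

if (-not $program -or -not (Test-Path -LiteralPath $program)) {
    throw "gpg.program is unset or does not point to a file: '$program'"
}
if (-not $signingKey)      { throw 'user.signingkey is not set' }
if ($autoSign -ne 'true')  { throw "commit.gpgsign is '$autoSign', expected 'true'" }

# 2. Confirm gpg holds a *secret* key for that identity.
#    A public key alone can verify signatures but cannot create them.
& $program --list-secret-keys --keyid-format long $signingKey | Out-Null
if ($LASTEXITCODE -ne 0) { throw "No secret key found for '$signingKey'" }

# 3. Create a throwaway repository, make a signed commit, and let Git verify it.
#    gpg may prompt for the key passphrase at this point.
$repo = Join-Path ([IO.Path]::GetTempPath()) ("sigtest-" + [guid]::NewGuid())
git init --quiet $repo
try {
    git -C $repo commit --allow-empty --quiet -m 'signing test'
    if ($LASTEXITCODE -ne 0) { throw 'git commit failed; gpg could not sign' }

    # %G? is Git's signature status: G = good, U = good but unknown validity,
    # N = no signature, B = bad, E = cannot be checked.
    $status = git -C $repo log -1 '--format=%G?'
    if ($status -notin 'G', 'U') { throw "Signature status is '$status', expected G" }

    Write-Host "OK: commits are signed with '$signingKey' (status $status)"
}
finally {
    # Always remove the temporary repository, even when a check fails.
    Remove-Item -Recurse -Force -LiteralPath $repo
}
```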
    

Configure Git for WSL (Windows Subsystem for Linux)

  1. Open a Windows PowerShell command window.

  2. First locate where gnupg is installed and save it into a variable:

    $gnupgPath = where.exe gpg
    
  3. Translate the path to WSL:

    $gnupgWslPath = wsl wslpath $gnupgPath
    
  4. Configure Git to use gnupg as GPG program:

    wsl git config --global gpg.program $gnupgWslPath
    
  5. Configure Git to sign all commits by default:

    wsl git config --global commit.gpgsign true
    
  6. Configure Git to use your GPG key as the signing key:

    wsl git config --global user.signingkey "Use the alias of the GPG key here"
    
  7. Optional: Configure Git to sign all tags by default:

    wsl git config --global tag.gpgsign true
    

Configure the GPG key in GitHub

  1. We export the key using:

    gpg --armor --export "Use the alias of the GPG key here"
    
  2. Now open the GitHub page to add GPG key on GitHub:

    GitHub add GPG key

  3. Place the returned text in the text box and press Add.

And that’s it. Git and GitHub are now configured to sign all commits from Windows and WSL.