Thursday, January 21, 2021

GPG - Generate gpg key to sign your commit on git/github

 How to sign your commit on github repo


1. Check if gpg is installed..

If not download from gnupg.org

# wget https://gnupg.org/ftp/gcrypt/gnupg/gnupg-2.2.27.tar.bz2


2. Verify if ppg is instaled

root@master ~]# gpg

gpg: directory '/root/.gnupg' created

gpg: keybox '/root/.gnupg/pubring.kbx' created

gpg: WARNING: no command supplied.  Trying to guess what you mean ...

gpg: Go ahead and type your message ...

^C

gpg: signal Interrupt caught ... exiting


3. Generate a certificate

[root@master ~]# gpg --full-generate-key

gpg (GnuPG) 2.2.9; Copyright (C) 2018 Free Software Foundation, Inc.

This is free software: you are free to change and redistribute it.

There is NO WARRANTY, to the extent permitted by law.


Please select what kind of key you want:

   (1) RSA and RSA (default)

   (2) DSA and Elgamal

   (3) DSA (sign only)

   (4) RSA (sign only)

Your selection?

RSA keys may be between 1024 and 4096 bits long.

What keysize do you want? (2048) 4096

Requested keysize is 4096 bits

Please specify how long the key should be valid.

         0 = key does not expire

      <n>  = key expires in n days

      <n>w = key expires in n weeks

      <n>m = key expires in n months

      <n>y = key expires in n years

Key is valid for? (0)

Key does not expire at all

Is this correct? (y/N) y


GnuPG needs to construct a user ID to identify your key.


Real name: sam

Name must be at least 5 characters long

Real name: sam@gmail.com

Email address: sam@gmail.com

Comment: no coment

You selected this USER-ID:

    "sam@gmail.com (no coment) <sam@gmail.com>"


Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o

We need to generate a lot of random bytes. It is a good idea to perform

some other action (type on the keyboard, move the mouse, utilize the

disks) during the prime generation; this gives the random number

generator a better chance to gain enough entropy.

We need to generate a lot of random bytes. It is a good idea to perform

some other action (type on the keyboard, move the mouse, utilize the

disks) during the prime generation; this gives the random number

generator a better chance to gain enough entropy.

gpg: /root/.gnupg/trustdb.gpg: trustdb created

gpg: key DC882D52337328DE marked as ultimately trusted

gpg: directory '/root/.gnupg/openpgp-revocs.d' created

gpg: revocation certificate stored as '/root/.gnupg/openpgp-revocs.d/2FFE7EDE77C31A95FFE6DBAFDC882D52337328DE.rev'

public and secret key created and signed.


pub   rsa4096 2021-01-20 [SC]

      2FFE7EDE77C31A95FFE6DBAFDC882D52337328DE

uid                      sam@gmail.com (no coment) <sam@gmail.com>

sub   rsa4096 2021-01-20 [E]


Certificate is successfully created. now, using this certificate, you can create public/private key


4. Now, list the secret keys, since we have only one, so really does not matter.


[root@master ~]# gpg --list-secret-keys 2FFE7EDE77C31A95FFE6DBAFDC882D52337328DE

gpg: checking the trustdb

gpg: marginals needed: 3  completes needed: 1  trust model: pgp

gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u

sec   rsa4096 2021-01-20 [SC]

      2FFE7EDE77C31A95FFE6DBAFDC882D52337328DE

uid           [ultimate] sam@gmail.com (no coment) <sam@gmail.com>

ssb   rsa4096 2021-01-20 [E]


5. Now export the public key

[root@master ~]# wget https://gnupg.org/ftp/gcrypt/gnupg/gnupg-2.2.27.tar.bz2^C

[root@master ~]# gpg --armor --export 2FFE7EDE77C31A95FFE6DBAFDC882D52337328DE

-----BEGIN PGP PUBLIC KEY BLOCK-----


mQINBGAIPXsBEADAF4jVU4VU9yZ1+nR0Zwf+h4UccvcFVCtDPq/NR+ZWS0RorJNO

/bPZaz+WbAzXajs3UY2K/o4J5oJOAh5x5EtKunrztylD53Ttns8LXeDzf0Y1QULj

ODpfEbfYEzpsjtO5pvLhDTUFPpmN4gJz0vOnxrwMUPxps27G4q5lGAWUUy3JyBMp

MSno1FCHbeptIUT0QByixbwaRNBDV6SN+emG0U3qUasNcIy9w29iouT0napbtwUJ

0ZnNa2N0Zol50Zt5EOqeUuQD5kJpaKOLbNUaocJrQSWFrBrPnNaMcoEw/n0mXJLG

28f4ih3zYyFr2CsDOVJ9Oykk3EEwwlvqjCRFFcQDhWjtYkD3SBxSjUFSaL04irGy

UDcxzfVwodcjL1GbxrFKGKAZ4eTv4Zvc4hZp/Ix9iq/tzKIe0KCLNPYEMJBOvWPU

0TGeqTBysskJ7Z6CVz8rUT2DV35PP02eqQAEQYKs/tVyvasxB1j/FO9dhnqyoFEp

YOxfEuQn0wqKWIqQF/v0XRWEZLP/mRH7miLqXp5TRc1UFm5GiheTmiB4VcrxjZlt

sF3QNSGiOrZwovDJ337DT0FeVXU5CVf72J8hJ7Q/azS4IFovhw6+9FmS9sdIhSXi

1sMsy2QjQgEXaJtVZh25QrbNwjXelBhnWtf1daspRdof5s92O8oDmrHUfwARAQAB

tClzYW1AZ21haWwuY29tIChubyBjb21lbnQpIDxzYW1AZ21haWwuY29tPokCTgQT

AQgAOBYhBC/+ft53wxqV/+bbr9yILVIzcyjeBQJgCD17AhsDBQsJCAcCBhUKCQgL

AgQWAgMBAh4BAheAAAoJENyILVIzcyje2tUP/jSrhYFc9z0AUjA4mlChZVZl2kLY

AIGMfWXNz45jwoBwdtoQcoHBR6jM0KLyvIPOqgnG6qBD1fVjMTtSVXGW3eKcZtem

lh6TFbnkGVXOb8dS0VlwE5RQOk4f7i23IzWrsnCxod5oCDHmpELf6f7JiCnlls8B

1ATe+OXMuYw4hmWQ794/LWBlpI7OXHDLbQKW8bo4B5ciLOInM5tJfL9zCpcvS4X/

QeOsDTWg/suFsOQxtQ93gyRD7KqmG7KylVXZU29BtHi90p5q6RM6BWhQP40zuTDw

KG5ONFpn1A31WdO876db1azOcJ1B34+BjXKT4wNEkekV8z5AW14W6M/ql5LAKIOD

atmwnSQjqHDxjVksulFR5HY3RaSGYT+BvH2K/CTCVqVIZd0wV47AA2YnLIMz5gL3

y3obsutnZQDbhFB6jYPwIn3957Gq0yX+WBdVwCSNO84QDCAcRpz6pl7+atjYCAyg

1Kp3CLHP/mS3VbiSxGLae23lFdCvowTAr+KIc2vdwMEO6JhDBKMdMOrLllF8CISx

t1GczCgjSyClKAns/54G9OVpVXtW27a+E3b+hdlE2kIQh2Ju7VGXHogEVLjgl2gM

63xG6OAoPFlmioPBx+EeNgiwGH5a+R7RaqmOqvzVfBscboVIndlPBJ9xUGfrf7i4

ZoQVSZR9ZL/lGHEVuQINBGAIPXsBEADHm/Jz35wjjqecL/0sKl6roS4fBDIWLRai

eN0awaRI88CIf+fO8RBFDz2Yh0rgpL3WN29teK7uel0glMS1N+RLDJLdKz6EySbI

pzrNIRLLGuLmaVeqe6/y1kdrhbd1FDociGIsBrjE8ai8yDkI5G3u4YG213rtxnwr

2zi5quNT19I4eCOKjHsFUaXNByo4BrhdZPR6CbyuZjWScI3vEdrkjehZ2u0TSVKf

7JdCSw4zSl1LH2I1qwywmnW6rCI7oZOewQLFa0v+GZ++N5k+4jtXBzpdPR7XdXSE

Hwh7cXxu5v/sYEHsiRLoEB5a1vGjzWM77EWoghNXv2PzlRl+G7cuWDWyNXOjSEI9

lDxKQr30l9pau+KuA4xl9LR/9UOwhW4IXIXK8WSHnwYLGz15Lanco8o4NqzQIb+v

sSP2gImr2cYLhuwHcO0CsPkglujL7fafzOdQx3CcOzfM+ileN+2kgxCH3fa5DWJI

ryFEFdQUQD6UV1K4mYaTMV5og6rlDUhoHpc6z58Dm6rBlWb+/9VIMcN7Z6RvGcMn

qLtQQBshmN5MTC/10Zpcepc4kQ7mLdW3TEPTOGryZfPbJQFqT8EcWarLYfP8AqF7

zST1vJ/GpMmob5AB/NpznI9AIMUOVMd27c7zWTxh8htsSgHzrPt7RTWTahmDzYtn

bbXkCTNU6wARAQABiQI2BBgBCAAgFiEEL/5+3nfDGpX/5tuv3IgtUjNzKN4FAmAI

PXsCGwwACgkQ3IgtUjNzKN6sZRAAkUVfM2ZRJQWFUSnSuoMLmsRMlAZQaRgs1+FZ

dTrxxj801mEHsLlmt0sgyIruDwVsmjeShqJ5+wvl7NOsU/GSSg1rHwSHEbNBPYnR

AJceNYfbIQB9EC8KVelNm4/VdDMpy9zaGOsGZCGeQv5GIN7HZRKcyTjyPMAEhSqs

0alCkRF8GGdKP0YKfiPoB3HA8dwTfP5CpZaOspbO1PExlmnR269wulg23Gvb1to/

24FEf8BU3iG13xTn3mot6IvoxMXGU5XxP7fF1HUC/P8froaYUlUpl5LS6TAZJs2f

WXD3GMjwFmri0ZnchbS8zEBQkqq6cLqYXbn15Xz0CxC9dLEqP0cOnhm8o99FdghS

KWM5RQ0GvyBNg6jOYeTSvT7LC0ESIw54BcuiTeft0UekVs2XGTseRuarojRz57G7

zatVl6Q+E9y/YR9hdG3vvQmsZI1zAqOAsWHqsU0vfFkxM711MJXNE/pG+ghVWjZR

Ctbi4/DhlkVrJ/b5dU+phERCVyKgc1tZlhfvKgHcIypw4OE03E3g4xI01yzEM8vn

5Y5djDJmFnnp8CN+kSb9i1YkYcT675ckFXEoIy+PmjMzKALSfypsRY53HOI6Riif

Bi9iNtZZ5BxmLq5pkySOTVVyglE34TkjnW2JK5x3swUHXokITEblOIYb7nUm/21y

RfjI+P8=

=Yl6x

-----END PGP PUBLIC KEY BLOCK-----

[root@master ~]#


We just exported our public key. Copy all the text as it is displayed. Do not add any space or delete any space or key.

ALl the text from --begin to end line.


- Goto github.com on your account, 

- Go to setting, and go to ssh and gpg keys

- Go to GPG key section and add your public key.

- After you add, you will see shorter keyid and subkeys.







No comments:

Post a Comment