Skip to main content

Johan Bové

Using Keybase GPG to sign git commits and tags

2 min read

With the Keybase application installed on the "Windows Subsystem for Linux" command line, export the pgp Keybase key and import it into the local gpg keychain.

I also had to add this code into the ~/.bashrc file to make the gpg passphrase prompt work in WSL:

# enable passphrase prompt for gpg
export GPG_TTY=$(tty)

Pull someones pgp key from their Keybase profiles:

$ keybase pgp pull johanbove

List the current keys in your gpg key chain:

$ gpg --list-secret-keys --keyid-format LONG

Export the pgp key to import it in gpg:

$ keybase pgp export -q 4AAE11D0B6A8D5E8 | gpg --import
$ keybase pgp export -q 4AAE11D0B6A8D5E8 --secret | gpg --allow-secret-key-import --import

Testing the gpg key:

$ echo "test" | gpg --clearsign

Setting up git to use the key:

$ git config --global user.signingkey B6A8D5E8

Setting the trust level of the imported key:

$ gpg --list-keys
$ gpg --edit-key E44E71105E920276ED1693294AAE11D0B6A8D5E8

Following the instructions to set the trust on a gpg key.

Creating an annotated and signed git tag:

$ git tag -a -s v1.0.0 -m "Release v1.0.0 signed"

Verifying the git tag:

$ git tag -v v1.0.0