前言

GnuPG(简称 GPG),它是目前最流行、最好用的开源加密工具之一。 GPG 有许多用途,比如对文件,邮件的加密。而本文要说的是,如何使用 GPG 来加密 Github Commits。 在 Github 上查看一些项目的 Commits 时,偶尔会发现「This commit was signed with a verified signature.」字样.

开始

签名过程引用至秋水逸冰的博客和 GitLab Docs.
一、安装 Git 和 TortoiseGit 关于如何在 Windows 下安装 Git 和 TortoiseGit,请参考《Git初学者:msysgit和tortoisegit》一文。 官方网站:
二、生成密钥
1gpg --full-gen-key
Copy
1Please select what kind of key you want:
2    (1) RSA and RSA (default)
3    (2) DSA and Elgamal
4    (3) DSA (sign only)
5    (4) RSA (sign only)
6 Your selection? 1
7  RSA keys may be between 1024 and 4096 bits long.
8 What keysize do you want? (2048) 4096
9 Requested keysize is 4096 bits
10  Please specify how long the key should be valid.
11          0 = key does not expire
12       <n>  = key expires in n days
13       <n>w = key expires in n weeks
14       <n>m = key expires in n months
15       <n>y = key expires in n years
16 Key is valid for? (0) 0
17 Key does not expire at all
18Is this correct? (y/N) y
19 GnuPG needs to construct a user ID to identify your key.
20
21 Real name: Mr. Robot
22 Email address: <your_email>
23 Comment:
24 You selected this USER-ID:
25     "Mr. Robot <your_email>"
26
27 Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
28$ gpg --list-secret-keys
29  sec   rsa4096/30F2B65B9246B6CA 2017-08-18 [SC]
30       D5E4F29F3275DC0CDA8FFC8730F2B65B9246B6CA
31 uid                   [ultimate] Mr. Robot <your_email>
32 ssb   rsa4096/B7ABC0813E4028C0 2017-08-18 [E]
33$ gpg --armor --export 30F2B65B9246B6CA
Copy
1git config --global user.signingkey <your-key-id>
2git config --global commit.gpgsign true
Copy
到这里都没什么问题,但是 commit 出现了这种情况
1$ git commit -S -m 'test'
2error: gpg failed to sign the data
3fatal: failed to write commit object
Copy
试试随便签个名.
1$ echo "test" | gpg --clearsign
2-----BEGIN PGP SIGNED MESSAGE-----
3Hash: SHA512
4
5test
6gpg: signing failed: Inappropriate ioctl for device
7gpg: [stdin]: clear-sign failed: Inappropriate ioctl for device
Copy
也报错了.
最后找到了解决方案.
1$ export GPG_TTY=$(tty)
Copy
然后再试试
1$ echo "test" | gpg --clearsign
2-----BEGIN PGP SIGNED MESSAGE-----
3Hash: SHA512
4
5test
6-----BEGIN PGP SIGNATURE-----
7
8iQGzBAEBCgAdFiEEiTCsbQwHgLPA1jzpwDX/CUZGZk8FAl0GOpgACgkQwDX/CUZG
9Zk/+RAv/aX0/V+imhH4K8gHXU3e2TTjy9LiRrdybNha1EduIzSObAH2EheqzmJW3
10m0+bQ+30liw9wTxGw36ZDaRkpIf28Tiye0/1eA/mK9NWLreZcrRBdVxRxAtNJubW
11KnncGAtlG0mlFv3ttF1NypYaHhcj7UvvTrSV6A/+deb/523INmedeTEjRIu9twhZ
12DcqbJ13Uypz1RNDBchTaUOy5HdJ+qYpj1TObPgxcjj/mBcyutEZnfy0tHuhNY9qN
13CxRuJKcnXq62u+mEuimiYbjptZJzZ1IHXCqRQm/p3RjPK+p60kW/LBXA6l21+xMG
14+n25fnuLrjUiLUO+K5bY6JPYEDvh2QqNtiC0OxyKByKUQCpr8mdXUdSWkpJcQztu
15roeReWJZ9d19WcYn3gozlPlPH42nEGTObwmjMsHCWeAsTdb334N5yMoNfqh6GWI4
16J25SqjOQfFUfJ/uDCAQdI+xH9OnNDXXF/8fouVMnGqQ8hmJZ4lJq2WyC0cwftMJA
17yttCQOEI
18=7ocx
19-----END PGP SIGNATURE-----
Copy
成功了. commit 再试试
1$ git commit -S -m 'test'
2[master 1ad79dc] test
3 1 file changed, 191 insertions(+), 191 deletions(-)
Copy
OK了.

最后

export GPG_TTY=$(tty) 写入 .zshrc.
1echo 'export GPG_TTY=$(tty)' >> ~/.zshrc
Copy

亲亲留个评论再走呗

正在加载评论区...