Your GPG key must be associated with a GitHub verified email that matches your committer identity.

If you're using a GPG key that matches your committer identity and your verified email address associated with your GitHub account, then you can begin signing commits and signing tags.

  1. Open TerminalTerminalGit Bash.

  2. Use the gpg --list-secret-keys --keyid-format LONG command to list GPG keys for which you have both a public and private key. A private key is required for signing commits or tags.

    gpg --list-secret-keys --keyid-format LONG
    

    Note: Some GPG installations on Linux may require you to use gpg2 --list-keys --keyid-format LONG to view a list of your existing keys instead. In this case you will also need to configure Git to use gpg2 by running git config --global gpg.program gpg2.

  3. From the list of GPG keys, copy the GPG key ID you'd like to use. In this example, the GPG key ID is 3AA5C34371567BD2:

    gpg --list-secret-keys --keyid-format LONG
    /Users/hubot/.gnupg/secring.gpg
    ------------------------------------
    sec   4096R/3AA5C34371567BD2 2016-03-10 [expires: 2017-03-10]
    uid                          Hubot 
    ssb   4096R/42B317FD4BA89E7A 2016-03-10
    
  4. Enter gpg --edit-key GPG key ID, substituting in the GPG key ID you'd like to use. In the following example, the GPG key ID is 3AA5C34371567BD2:

    gpg --edit-key 3AA5C34371567BD2
    
  5. Enter gpg> adduid to add the user ID details.

    gpg> adduid
    
  6. Follow the prompts to supply your real name, email address, and any comments. You can modify your entries by choosing N, C, or E. To keep your email address private, use your GitHub-provided no-reply email address. For more information, see "About commit email addresses."

    Real Name: Octocat
    Email address: octocat@github.com
    Comment: GitHub key
    Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit?
    
  7. Enter O to save your selections.

  8. Enter your key's passphrase.
  9. Enter gpg --armor --export GPG key ID, substituting in the GPG key ID you'd like to use. In the following example, the GPG key ID is 3AA5C34371567BD2:

    gpg --armor --export 3AA5C34371567BD2
    # Prints the GPG key, in ASCII armor format
    
  10. Upload the GPG key by adding it to your GitHub account.

Further reading