我们经常发布文档更新,此页面的翻译可能仍在进行中。有关最新信息,请访问英文文档。如果此页面上的翻译有问题,请告诉我们

将您的签名密钥告知 Git

要在本地对提交签名,您需要告知 Git 您有想要使用的 GPG 或 X.509 密钥。

将您的 GPG 密钥告知 Git

如果使用的 GPG 密钥匹配提交者身份以及与 GitHub 帐户关联的已验证电子邮件地址,则您可以开始对提交和标记签名。

如果您没有与提交者身份匹配的 GPG 密钥,则需要将电子邮件与现有密钥关联。 更多信息请参阅“将电子邮件与 GPG 密钥关联”。

如果您有多个 GPG 密钥,则需要告知 Git 要使用哪一个。

  1. 打开 Terminal(终端)Terminal(终端)Git Bash终端

  2. Use the gpg --list-secret-keys --keyid-format LONG command to list GPG keys for which you have both a public and private key. A private key is required for signing commits or tags.

$ gpg --list-secret-keys --keyid-format LONG

Note: Some GPG installations on Linux may require you to use gpg2 --list-keys --keyid-format LONG to view a list of your existing keys instead. In this case you will also need to configure Git to use gpg2 by running git config --global gpg.program gpg2.

1. 从 GPG 密钥列表中,复制要使用的 GPG 密钥 ID。在此例中,GPG 密钥 ID 为 `3AA5C34371567BD2`:
$ gpg --list-secret-keys --keyid-format LONG
/Users/hubot/.gnupg/secring.gpg
------------------------------------
sec   4096R/3AA5C34371567BD2 2016-03-10 [expires: 2017-03-10]
uid                          Hubot 
ssb   4096R/42B317FD4BA89E7A 2016-03-10
  1. 要在 Git 中设置您的 GPG 签名密钥,请粘贴以下文本(将其中的 GPG 密钥 ID 替换为您要使用的 GPG 密钥 ID)。在此例中,GPG 密钥 ID 为 3AA5C34371567BD2

    $ git config --global user.signingkey 3AA5C34371567BD2
  2. 如果没有使用 GPG Suite,请粘贴下面的文本以将 GPG 密钥添加到您的 bash 配置文件:

    $ test -r ~/.bash_profile && echo 'export GPG_TTY=$(tty)' >> ~/.bash_profile
    $ echo 'export GPG_TTY=$(tty)' >> ~/.profile

    注:如果您没有 .bash_profile,此命令会将 GPG 密钥添加到 .profile

Telling Git about your X.509 key

You can use smimesign to sign commits and tags using S/MIME instead of GPG.

注:Git 2.19 或更高版本中提供 S/MIME 签名验证。要更新您的 Git 版本,请参阅 Git 网站。

  1. Install smimesign. 1. 打开 Terminal(终端)Terminal(终端)Git Bash终端

  2. Configure Git to use S/MIME to sign commits and tags. In Git 2.19 or later, use the git config gpg.x509.program and git config gpg.format commands:

  • To use S/MIME to sign for all repositories: shell $ git config --global gpg.x509.program smimesign $ git config --global gpg.format x509

  • To use S/MIME to sign for a single repository: shell $ cd /path/to/my/repository$ git config --local gpg.x509.program smimesign $ git config --local gpg.format x509 In Git 2.18 or earlier, use the

    `git config gpg.program` command:
  • To use S/MIME to sign for all repositories: shell $ git config --global gpg.program smimesign

  • To use S/MIME to sign for a single repository: shell $ cd /path/to/my/repository$ git config --local gpg.program smimesign If you're using an X.509 key that matches your committer identity, you can begin signing commits and tags.

  1. If you're not using an X.509 key that matches your commiter identity, list X.509 keys for which you have both a certificate and private key using the smimesign --list-keys command. shell $ smimesign --list-keys

  2. From the list of X.509 keys, copy the certificate ID of the X.509 key you'd like to use. In this example, the certificate ID is 0ff455a2708394633e4bb2f88002e3cd80cbd76f: shell $ smimesign --list-keys ID: 0ff455a2708394633e4bb2f88002e3cd80cbd76f S/N: a2dfa7e8c9c4d1616f1009c988bb70f Algorithm: SHA256-RSA Validity: 2017-11-22 00:00:00 +0000 UTC - 2020-11-22 12:00:00 +0000 UTC Issuer: CN=DigiCert SHA2 Assured ID CA,OU=www.digicert.com,O=DigiCert Inc,C=US Subject: CN=Octocat,O=GitHub\, Inc.,L=San Francisco,ST=California,C=US Emails: octocat@github.com

  3. To set your X.509 signing key in Git, paste the text below, substituting in the certificate ID you copied earlier.

  • To use your X.509 key to sign for all repositories: shell $ git config --global user.signingkey 0ff455a2708394633e4bb2f88002e3cd80cbd76f

  • To use your X.509 key to sign for a single repository: shell $ cd /path/to/my/repository$ git config --local user.signingkey 0ff455a2708394633e4bb2f88002e3cd80cbd76f

将您的 GPG 密钥告知 Git

如果使用的 GPG 密钥匹配提交者身份以及与 GitHub 帐户关联的已验证电子邮件地址,则您可以开始对提交和标记签名。

如果您没有与提交者身份匹配的 GPG 密钥,则需要将电子邮件与现有密钥关联。 更多信息请参阅“将电子邮件与 GPG 密钥关联”。

如果您有多个 GPG 密钥,则需要告知 Git 要使用哪一个。

  1. 打开 Terminal(终端)Terminal(终端)Git Bash终端

  2. Use the gpg --list-secret-keys --keyid-format LONG command to list GPG keys for which you have both a public and private key. A private key is required for signing commits or tags.

$ gpg --list-secret-keys --keyid-format LONG

Note: Some GPG installations on Linux may require you to use gpg2 --list-keys --keyid-format LONG to view a list of your existing keys instead. In this case you will also need to configure Git to use gpg2 by running git config --global gpg.program gpg2.

1. 从 GPG 密钥列表中,复制要使用的 GPG 密钥 ID。在此例中,GPG 密钥 ID 为 `3AA5C34371567BD2`:
$ gpg --list-secret-keys --keyid-format LONG
/Users/hubot/.gnupg/secring.gpg
------------------------------------
sec   4096R/3AA5C34371567BD2 2016-03-10 [expires: 2017-03-10]
uid                          Hubot 
ssb   4096R/42B317FD4BA89E7A 2016-03-10
  1. 要在 Git 中设置您的 GPG 签名密钥,请粘贴以下文本(将其中的 GPG 密钥 ID 替换为您要使用的 GPG 密钥 ID)。在此例中,GPG 密钥 ID 为 3AA5C34371567BD2

    $ git config --global user.signingkey 3AA5C34371567BD2

Telling Git about your X.509 key

You can use smimesign to sign commits and tags using S/MIME instead of GPG.

注:Git 2.19 或更高版本中提供 S/MIME 签名验证。要更新您的 Git 版本,请参阅 Git 网站。

  1. Install smimesign. 1. 打开 Terminal(终端)Terminal(终端)Git Bash终端

  2. Configure Git to use S/MIME to sign commits and tags. In Git 2.19 or later, use the git config gpg.x509.program and git config gpg.format commands:

  • To use S/MIME to sign for all repositories: shell $ git config --global gpg.x509.program smimesign $ git config --global gpg.format x509

  • To use S/MIME to sign for a single repository: shell $ cd /path/to/my/repository$ git config --local gpg.x509.program smimesign $ git config --local gpg.format x509 In Git 2.18 or earlier, use the

    `git config gpg.program` command:
  • To use S/MIME to sign for all repositories: shell $ git config --global gpg.program smimesign

  • To use S/MIME to sign for a single repository: shell $ cd /path/to/my/repository$ git config --local gpg.program smimesign If you're using an X.509 key that matches your committer identity, you can begin signing commits and tags.

  1. If you're not using an X.509 key that matches your commiter identity, list X.509 keys for which you have both a certificate and private key using the smimesign --list-keys command. shell $ smimesign --list-keys

  2. From the list of X.509 keys, copy the certificate ID of the X.509 key you'd like to use. In this example, the certificate ID is 0ff455a2708394633e4bb2f88002e3cd80cbd76f: shell $ smimesign --list-keys ID: 0ff455a2708394633e4bb2f88002e3cd80cbd76f S/N: a2dfa7e8c9c4d1616f1009c988bb70f Algorithm: SHA256-RSA Validity: 2017-11-22 00:00:00 +0000 UTC - 2020-11-22 12:00:00 +0000 UTC Issuer: CN=DigiCert SHA2 Assured ID CA,OU=www.digicert.com,O=DigiCert Inc,C=US Subject: CN=Octocat,O=GitHub\, Inc.,L=San Francisco,ST=California,C=US Emails: octocat@github.com

  3. To set your X.509 signing key in Git, paste the text below, substituting in the certificate ID you copied earlier.

  • To use your X.509 key to sign for all repositories: shell $ git config --global user.signingkey 0ff455a2708394633e4bb2f88002e3cd80cbd76f

  • To use your X.509 key to sign for a single repository: shell $ cd /path/to/my/repository$ git config --local user.signingkey 0ff455a2708394633e4bb2f88002e3cd80cbd76f

注:Linux 上不支持 X.509 密钥。 您可配置 gpgsm 以提供加密和签名服务,但 GitHub 目前不支持此功能。 更多信息请参阅 GnuPG 文档中的 gpgsm 主题。

将您的 GPG 密钥告知 Git

如果使用的 GPG 密钥匹配提交者身份以及与 GitHub 帐户关联的已验证电子邮件地址,则您可以开始对提交和标记签名。

如果您没有与提交者身份匹配的 GPG 密钥,则需要将电子邮件与现有密钥关联。 更多信息请参阅“将电子邮件与 GPG 密钥关联”。

如果您有多个 GPG 密钥,则需要告知 Git 要使用哪一个。

  1. 打开 Terminal(终端)Terminal(终端)Git Bash终端

  2. Use the gpg --list-secret-keys --keyid-format LONG command to list GPG keys for which you have both a public and private key. A private key is required for signing commits or tags.

$ gpg --list-secret-keys --keyid-format LONG

Note: Some GPG installations on Linux may require you to use gpg2 --list-keys --keyid-format LONG to view a list of your existing keys instead. In this case you will also need to configure Git to use gpg2 by running git config --global gpg.program gpg2.

1. 从 GPG 密钥列表中,复制要使用的 GPG 密钥 ID。在此例中,GPG 密钥 ID 为 `3AA5C34371567BD2`:
$ gpg --list-secret-keys --keyid-format LONG
/Users/hubot/.gnupg/secring.gpg
------------------------------------
sec   4096R/3AA5C34371567BD2 2016-03-10 [expires: 2017-03-10]
uid                          Hubot 
ssb   4096R/42B317FD4BA89E7A 2016-03-10
  1. 要在 Git 中设置您的 GPG 签名密钥,请粘贴以下文本(将其中的 GPG 密钥 ID 替换为您要使用的 GPG 密钥 ID)。在此例中,GPG 密钥 ID 为 3AA5C34371567BD2

    $ git config --global user.signingkey 3AA5C34371567BD2
  2. 要将 GPG 密钥添加到 bash 配置文件,请粘贴下面的文本:

    $ test -r ~/.bash_profile && echo 'export GPG_TTY=$(tty)' >> ~/.bash_profile
    $ echo 'export GPG_TTY=$(tty)' >> ~/.profile

    注:如果您没有 .bash_profile,此命令会将 GPG 密钥添加到 .profile

延伸阅读

问问别人

找不到要找的内容?

联系我们