If you don't have an existing GPG key, you can generate a new GPG key to use for signing commits and tags.
Supported GPG key algorithms
GitHub Enterprise supports several GPG key algorithms. If you try to add a key generated with an unsupported algorithm, you may encounter an error.
- RSA
- ElGamal
- DSA
- ECDH
- ECDSA
- EdDSA
Generating a GPG key
Note: Before generating a new GPG key, make sure you've verified your email address. If you haven't verified your email address, you won't be able to sign commits and tags with GPG.
- Download and install the most recent version of the GPG command line tools for your operating system. You will need version 2.1.17 or greater to follow the instructions below.
Open TerminalTerminalGit Bash.
-
Paste the text below to generate a GPG key pair.
gpg --full-generate-key
Note: If the
gpg --full-generate-key
command doesn't work. You can try usinggpg --default-new-key-algo rsa4096 --gen-key
instead and skip to step 6. - At the prompt, specify the kind of key you want, or press
Enter
to accept the defaultRSA and RSA
. - Enter the desired key size. We recommend the maximum key size of
4096
. - Enter the length of time the key should be valid. Press
Enter
to specify the default selection, indicating that the key doesn't expire. - Verify that your selections are correct.
-
Enter your user ID information.
Note: When asked to enter your email address, ensure that you enter the verified email address for your GitHub account.
Type a secure passphrase.
-
Use the
gpg --list-secret-keys --keyid-format LONG
command to list GPG keys for which you have both a public and private key. A private key is required for signing commits or tags.gpg --list-secret-keys --keyid-format LONG
Note: Some GPG installations on Linux may require you to use
gpg2 --list-keys --keyid-format LONG
to view a list of your existing keys instead. In this case you will also need to configure Git to usegpg2
by runninggit config --global gpg.program gpg2
. -
From the list of GPG keys, copy the GPG key ID you'd like to use. In this example, the GPG key ID is
3AA5C34371567BD2
:gpg --list-secret-keys --keyid-format LONG /Users/hubot/.gnupg/secring.gpg ------------------------------------ sec 4096R/3AA5C34371567BD2 2016-03-10 [expires: 2017-03-10] uid Hubot
ssb 4096R/42B317FD4BA89E7A 2016-03-10 -
Paste the text below, substituting in the GPG key ID you'd like to use. In this example, the GPG key ID is
3AA5C34371567BD2
:gpg --armor --export 3AA5C34371567BD2 # Prints the GPG key ID, in ASCII armor format
Copy your GPG key, beginning with
-----BEGIN PGP PUBLIC KEY BLOCK-----
and ending with-----END PGP PUBLIC KEY BLOCK-----
.- Add the GPG key to your GitHub account.