blog/source/_posts/git-sign-commit-ed25519.md

2.1 KiB

title excerpt date tags
Sign Git commit with an EdDSA/Ed25519/Curve25519 key Utilise a curve not produced by NIST 2020-07-18
security
gitlab

Generate an Ed25519 key

$ gpg --expert --full-generate-key

Please select what kind of key you want:
  (10) ECC (sign only)
Your selection? 10

Please select which elliptic curve you want:
  (1) Curve 25519
Your selection? 1

# Key shouldn't expire (in commit signing)
Please specify how long the key should be valid.
Key is valid for? (0) 0

Key expires at Sun 18 Jul 2021 00:00:00 UTC
Is this correct? (y/N) y

Real name: MDLeom
## GitHub: Go to "https://github.com/settings/emails"
# Look for "xxx@users.noreply.github.com will be used for web-based Git operations"
## GitLab: Go to "https://gitlab.com/profile"
# Look for "Use a private email - xxx@users.noreply.gitlab.com"
## Must include the unique number prefix.
Email address: 123456-curbengh@users.noreply.github.com
# Leave the comment empty
Comment: 
You selected this USER-ID:
  "MDLeom <123456-curbengh@users.noreply.github.com>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o

# It should be separate from your system password
Enter a password to encrypt private key:

pub   ed25519 2020-07-18 [SC] [expires: 2021-07-18]
      CE44B3CFC4C68B868A7AE868D87953FAD4BB4EC4
uid   MDLeom <123456-curbengh@users.noreply.github.com>

Export public key

## Export public key
# Add this public key to your GitHub/GitLab account
gpg --output public.gpg --armor --export CE44B3CFC4C68B868A7AE868D87953FAD4BB4EC4

## Export private key for backup
# The exported key will be encrypted with your password (that you entered during key generation)
# Need to use the same password to import back
gpg --output private.asc --armor --export-secret-key CE44B3CFC4C68B868A7AE868D87953FAD4BB4EC4

Sign Git commit

# Enable commit signing in a repository folder
$ git config user.signingkey CE44B3CFC4C68B868A7AE868D87953FAD4BB4EC4

# Commit a change and sign it
$ git commit -S -m "commit message"

See also