This is not a particularly well-written article. I’ve found everything here useful, but so irregularly that I always end up Googling and needing to put together info from multiple blog posts so I’m putting it all together here for my reference, and maybe it’ll help you if you stumbled across it.
At some stage I’ll organise this into a proper article. [Update 2017-04-07] I’ll probably never actually update this article.
Export your existing public and private keys from Keybase, save them locally as
Import both keys into your local GPGTools:
$ gpg --allow-secret-key-import --import keybase-private.key $ gpg --import keybase-public.key
Delete both the public and private key files.
~/.gnupg/gpg.conf to set the default key. Firstly get the ID of the key:
$ gpg --list-secret-keys
Then add it to
~/.gnupg/gpg.conf with this line:
$ default-key [YOUR_KEY_ID]
Update the key with
Make any required changes to the key with the
gpg command-line tool:
$ gpg --edit-key [YOUR_KEY_ID]
gpg> commands are:
help - show help list - list key and user IDs uid N - select user ID N adduid - add a user ID deluid - delete selected user IDs trust - change the ownertrust save - commit your changes and quit
Don’t forget to
save after making your changes!
Push the updated key to Keybase
Now that you’ve updated your local copy of the key, push it back to Keybase with:
$ keybase pgp update
Export the updated public key to GitHub
Export your local key to the clipboard with:
$ keybase pgp export | pbcopy
Add a ‘New GPG key’, or ‘Delete’ your existing one first if you’re updating it.
Signing Git commits with your Keybase key
-S [YOUR_KEY_ID] or
--gpg-sign=[YOUR_KEY_ID] to your
git commit commands to sign the commit using the specified key. You can replace
[YOUR_KEY_ID] with any email address added as a uid in the key.
Run these lines to update your global config to sign git commits by default:
$ git config --global user.signingkey [YOUR_KEY_ID] $ git config --global core.gpgsign true
These can additionally be set or unset on a per-project basis.
--no-gpg-sign to a
git commit command will turn off signing for that commit only.
git log commands will show signatures in the git commit log.