If you want to use the GPG feature within git, there are a few steps for you to follow. These steps are described at many places, but a reminder never hurts.
If you don't have any GPG key yet, you can generate it from a terminal (or Git Bash for Windows) using the following command:
$ gpg --gen-key
Follow the wizard and answer the questions about your identity (name, email address). It's advised to leave the default values, but if you wish extra security, chose a keysize of 4096. Once generated, you can export your keys via the following commands:
$ gpg --export --armor [email protected] > public.asc
$ gpg --export-secret-keys -o private.gpg [email protected]
$ gpg --output revokecert.asc --gen-revoke [email protected]
This will output three different files:
public.asccontains your public key. Copy its content and send it to GitHub or any other git service you useprivate.gpgcontains your private key. This one needs to be put on a safe place. You must avoid publishing somewhere at all costrevokecert.asccontains a certification for revoking your keys. Simply put, you'll need it only if your keys gets compromised
If you already have a GPG key that you wish to use for signing your commits, you must first import it to your system (if it's not present).
Check which keys you already have:
$ gpg --list-secret-keys
If your key is not in there, you can import it:
$ gpg --import myprivatekey.gpg
Check it has been imported:
$ gpg --list-secret-keys --keyid-format LONG
Copy the ID of your private key and register this key in git-identity:
$ git identity --define-gpg <identity name> <gpgkeyid>
Here are some interesting resources you might want to read if you wish to go deeper on GPG with git: