过程

一、生成密钥

打开Git

gpg --gen-key

会提示如下内容

$ gpg --gen-key
gpg (GnuPG) 2.2.19-unknown; Copyright (C) 2019 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

gpg: directory '/c/Users/24443/.gnupg' created
gpg: keybox '/c/Users/24443/.gnupg/pubring.kbx' created
Note: Use "gpg --full-generate-key" for a full featured key generation dialog.

GnuPG needs to construct a user ID to identify your key.

Real name: 你的用户名
Email address: 你的邮箱(必须跟GitHub一样)
You selected this USER-ID:
    "用户名 <邮箱>"

Change (N)ame, (E)mail, or (O)kay/(Q)uit? o
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: /c/Users/24443/.gnupg/trustdb.gpg: trustdb created
gpg: key XXXXXXXXXXXXXXXX marked as ultimately trusted
gpg: directory '/c/Users/24443/.gnupg/openpgp-revocs.d' created
gpg: revocation certificate stored as '/c/Users/24443/.gnupg/openpgp-revocs.d/XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.rev'
public and secret key created and signed.

pub   rsa2048 2020-02-28 [SC] [expires: 2022-02-27]
      XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
uid                      用户名 <邮箱>
sub   rsa2048 2020-02-28 [E] [expires: 2022-02-27]

生成完之后,再次输入

gpg --list-keys --keyid-format short

提示如下内容

/c/Users/24443/.gnupg/pubring.kbx
---------------------------------
pub   rsa2048/12345678 2020-02-28 [SC] [expires: 2022-02-27]
      XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
uid         [ultimate] 用户名 <邮箱>
sub   rsa2048/15558FF9 2020-02-28 [E] [expires: 2022-02-27]

pub是公钥,sub是私钥,pub那行的 12345678 才是GPG Key ID

输入如下内容获取公钥

gpg --armor --export pub GPG key ID

二、GitHub配置GPG公钥

打开 https://github.com/settings/keys 。点击 New GPG Key ,输入刚刚复制的公钥,然后点击 Add GPG Key

三、配置本地Git

  1. 设置签名时用的key git config --global 用户名.signingkey pub GPG key ID
  2. 开启GPG签名: commit:git config commit.gpgsign true
  3. 关闭则是:git config commit.gpgsign false
  4. 如果想让所有本地仓库都使用GPG签名:git config --global commit.gpgsign true

(提交的时候会让你输入密码)

四、效果

五、其他

我遇到的报错

$ git push -u origin master
Enumerating objects: 327, done.
Counting objects: 100% (327/327), done.
Delta compression using up to 12 threads
Compressing objects: 100% (95/95), done.
Writing objects: 100% (176/176), 43.64 KiB | 647.00 KiB/s, done.
Total 176 (delta 86), reused 0 (delta 0)
remote: Resolving deltas: 100% (86/86), completed with 68 local objects.
remote: error: GH007: Your push would publish a private email address.
remote: You can make your email public or disable this protection by visiting:
remote: http://github.com/settings/emails
To github.com:jcjyxjs/jcjyxjs.github.io.git
 ! [remote rejected] master -> master (push declined due to email privacy restrictions)
error: failed to push some refs to 'git@github.com:jcjyxjs/jcjyxjs.github.io.git'

解决方案

打开 https://github.com/settings/emails

这两个取消勾选即可

看完了全文为什么不评论一下呢?xd