Configurations

Global Configurations

Global git configurations are done with the flag --global.

Username and Email

If in <user-name> you need a spaced name, make sure to wrap it in double quotes. ("User Name")

git config --global user.name <user-name>
git config --global user.email <user-email>

Keep in mind that global user configurations do not stop you from impersonating someone else.

Always configure your GPG Signatures, that will be used in Commits, PRs, etc..

Signinkey

Always configure Git to sign Commits, PRs, etc with your GPG Public key.

To configure the Public GPG key for Git to use for its commands.

This key will be used to verfify that Git username is the one from GitHub.

Get Private Key ID.

# Speficy the Private key Git will use
git config --global user.signingKey <private-key-ID>

# Make Git use the signinkey in Commits, Tags, etc
git config --global commit.gpgSign true
git config --global tag.gpgSign true

# Make Git sign pushes only if Server supports it
git config --global push.gpgSign "if-asked"

Aside from this configuration you will need to also configure a System Environment Variable.

Linux

$ vim ~/.bash_profile

# Add this line to the file
export GPG_TTY=$(tty)

If it works, your signed commits, etc will ask for your Private Key's Password.

Editor to use

To change the default editor that git uses for its commands.

git config --global core.editor "subl -n -w"~

Using GPG Signatures

You should use GPG keys to sign your commits, PRs, and more.

This is a more secure way to verify that action you make are your own so that others cannot impersonate you.

Using VSCode in WSL2

How to sign your commits to GitHub using Visual Studio Code on Windows 10 and WSL239digits

Failure to complete this step will produce errors and failure in using the GPG keys, if using VSCode's to Commit, Push, etc.

GPG4Win will recognize GPG keys created, in WSL Ubuntu, before it was installed.

There is no need to re-create the GPG keys.

1. Install GPG4Win on the Windows side.

2. Then inside Ubuntu make sure GPG is installed

sudo apt-get install gpg gnupg gpg-agent

1. Edit/create this file in Ubuntu:

~/.gnupg/gpg-agent.conf

# These will cache the passphrase for ~400 days or until computer is restarted
default-cache-ttl 34560000
max-cache-ttl 34560000

# This explicitly tells GnuPG to use the pin entry app on Windows to prompt for the passphrase
pinentry-program "/mnt/c/Program Files (x86)/GnuPG/bin/pinentry-basic.exe"

1. Force restart the gpg agent to apply the changes.

gpgconf --kill gpg-agent

1. Make sure to add in VSCode.

settings.json

"git.enableCommitSigning": true

Check existent Keys

The keys are maintained in /home/user/.gnupg.

1. Run the command on your machine that you will be using git.

2. If the command returns nothing, means that there are no generated keys on your system. (If the /.gnupg folder doesn't exist it might say that it was created)

gpg --list-secret-key --keyid-form LONG

Create a Private Key

gpg --full-generate-key

1. Run the command and pick the default key (RSA and RSA).

2. Choose the key size to be the longest (4096 bits).

3. The validity time can be any you want.

4. In user ID to identify your key section

   1. "Real Name" is the same user.name you configured in Git. (Which can be your GitHub username or your full name)

   2. "Email Address" will also be the same user.email configured in Git.

5. For last, it will request a password so that you can access your keys. (If running on WSL the password window should be opening from Windows)

Get Private Key ID

To find the <private-key-ID> run the command to show existing keys:

$ gpg --list-secret-key --keyid-form LONG

gpg: checking the trustdb
gpg: marginals needed: 0  completes needed: 0  trust model: pgp
gpg: depth: 0  valid:   0  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
/home/user/.gnupg/pubring.kbx
-----------------------------
sec   rsa4096/<private-key-ID> 2024-01-01 [SC] [expires: 2025-01-01]
      xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
uid                 [ultimate] <User.name> <User.email>
ssb   rsa4096/<???> 2024-01-01 [E] [expires: 2025-01-01]

The <private-key-ID> will be the one after sec rsa4096/.

Get the Public Key

gpg --armor --export <private-key-ID>

Add Public Key to GitHub

1. Copy the "Public Key Block" from the first command to GitHub at https://github.com/settings/gpg/new.