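GNU Privacy Guard (GnuPG or GPG) is encryption software, a GPL-compliant replacement for the PGP encryption software. GnuPG is designed in accordance with the OpenPGP technical standard set by the IETF[2]. GnuPG is software for encryption, digital signatures and generating asymmetric key pairs. –Wikipedia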

So we can use a GPG key to sign our Git commits, and add the key to GitHub so that the integrity of the files can be verified.

The following is translated from GitHub's official manual.

First, we need to install GnuPG

apt install gnupg -y

Run

gpg --gen-key

to generate our key

(GnuPG) 1.4.22; Copyright (C) 2015 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
#This is the copyright notice

Please select what kind of key you want:
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
#Choose the key type; DSA and Elgamal is recommended
Your selection?2
#Key size: choose 2048 on a low-performance machine, otherwise 3072
DSA keys may be between 1024 and 3072 bits long.
What keysize do you want? (2048)3072
#Key validity period; if you keep the key yourself, 0 is fine
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0)0
Key does not expire at all
#Is this correct? (y)
Is this correct? (y/N)y
You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
"Heinrich Heine (Der Dichter) <[email protected]>"
#Enter a user name, at least five characters
Real name:**
#Email
E-mail address:
#Comment
Comment:**
You selected this USER-ID:
"* (*) <*@*>"
#Confirm
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit?O
You need a Passphrase to protect your secret key.
#Passphrase; the input is not displayed
Enter passphrase:
#Key generation then starts; do as many small tasks on the machine as you can while it runs

Then, we get the key ID

$ gpg --list-secret-keys --keyid-format LONG
/Users/hubot/.gnupg/secring.gpg
------------------------------------
sec   4096R/%%3AA5C34371567BD2%% 2016-03-10 [expires: 2017-03-10]
uid                          Hubot
ssb   4096R/42B317FD4BA89E7A 2016-03-10
#This is an example; your output may differ
$ gpg --armor --export 3AA5C34371567BD2 #the part marked %%___%% in the output of the previous command
#Copy the output

Add the public key to GitHub

Tell git about your key

git config --global user.signingkey 3AA5C34371567BD2 #the part marked %%___%% in the key listing above
echo 'export GPG_TTY=$(tty)' >> ~/.bashrc

Configure the repository to always sign with GnuPG

git config commit.gpgsign true
To apply this to all repositories, use git config --global commit.gpgsign true
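
Once the steps above are done, it is worth confirming that the ID stored in user.signingkey really matches a primary secret key in the keyring, since a mistyped ID only shows up when a commit fails to sign. The script below is an added example, not part of the original post or of GitHub's manual; the function names, the file name check-signing.sh and the second key in the sample listing are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): confirm user.signingkey
# refers to a primary secret key that is actually in the keyring.

# Constructed sample: the page's gpg 1.4 listing plus one made-up key in
# the layout printed by gpg 2.x (IDs 0123.../FEDC... are placeholders).
SAMPLE_LISTING='/Users/hubot/.gnupg/secring.gpg
------------------------------------
sec   4096R/3AA5C34371567BD2 2016-03-10 [expires: 2017-03-10]
uid                          Hubot
ssb   4096R/42B317FD4BA89E7A 2016-03-10
sec   rsa3072/0123456789ABCDEF 2020-01-01 [SC]
uid                 [ultimate] Example User
ssb   rsa3072/FEDCBA9876543210 2020-01-01 [E]'

# Read a --keyid-format LONG listing on stdin and print the long ID from
# each "sec" line (the value the steps above copy); "ssb" lines are skipped.
list_sec_keyids() {
    awk '$1 == "sec" { if (split($2, part, "/") == 2) print part[2] }'
}

# Return 0 if $1 (a user.signingkey value) names a "sec" key in the listing
# on stdin. Accepts upper/lower case, a leading 0x, or a full fingerprint
# (for v4 keys the long ID is the fingerprint's last 16 hex digits).
signingkey_is_known() {
    want=$(printf '%s' "$1" | tr abcdef ABCDEF |
           sed -e 's/^0[xX]//' -e 's/^.*\(.\{16\}\)$/\1/')
    [ -n "$want" ] || return 1
    list_sec_keyids | tr abcdef ABCDEF | grep -F -q -x "$want"
}

# Live check against the real keyring and git configuration.
audit_signing() {
    key=$(git config --get user.signingkey) ||
        { echo "user.signingkey is not set"; return 1; }
    if gpg --list-secret-keys --keyid-format LONG | signingkey_is_known "$key"
    then
        echo "ok: $key found; commit.gpgsign=$(git config --get commit.gpgsign)"
    else
        echo "mismatch: no secret key matches $key"; return 1
    fi
}

# Run the live check only when asked, e.g.: sh check-signing.sh --live
if [ "${1:-}" = "--live" ]; then audit_signing; fi
```

Without --live the script only defines the functions, so they can be tried against SAMPLE_LISTING before touching a real keyring.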