Failing gpg signing key gitlab / github, two signing emails

by Glenn square thumb Glenn Jones, published on 13/10/18

When creating your GPG keys, it is important to set your git config to be the same as (one of) the emails in your GPG signature. Even though I had my key set up properly, I discovered the git user wasn’t, and the ‘unverified’ button kept popping up. Do that by:

git config --global "”

Generally however, I like to set a git user per project: for my work projects I use a different email than my personal projects. GPG allows this by allowing you to add a uid. The steps to add a second email to your key signature are (source):

  1. gpg --list-secret-keys --keyid-format LONG to list keys. key-id is the part that comes after rsa4096/
  2. gpg —edit-key <key-id>
  3. adduid
  4. Fill in correct name / email / comment
  5. Change (N)ame, ©omment, (E)mail or (O)kay/(Q)uit? O
  6. possibly enter passphrase
  7. uid <uid>
  8. trust
  9. Your decision? 5
  10. Do you really want to set this key to ultimate trust? (y/N) y
  11. save

Your publics key does not change as a result, so you won’t have to upload a new key to Github/Gitlab.

>> Silly-id ruby gem for generating locale-aware random names

<< A no-nonsense, sane and safe password management strategy

Back to

comments powered by Disqus