Glenn Jones

Failing GPG signing key Gitlab / Github, two signing emails

When creating your GPG keys, it is important to set your git config user.email to be the same as (one of) the emails in your GPG signature. Even though I had my key set up properly, I discovered the git user wasn’t, and the ‘unverified’ button kept popping up. Do that by:

git config --global user.email "your@email.com”

Generally however, I like to set a git user per project: for my work projects I use a different email than my personal projects. GPG allows this by allowing you to add a uid. The steps to add a second email to your key signature are (source):

  1. gpg --list-secret-keys --keyid-format LONG to list keys. key-id is the part that comes after rsa4096/
  2. gpg —edit-key <key-id>
  3. adduid
  4. Fill in correct name / email / comment
  5. Change (N)ame, ©omment, (E)mail or (O)kay/(Q)uit? O
  6. possibly enter passphrase
  7. uid <uid>
  8. trust
  9. Your decision? 5
  10. Do you really want to set this key to ultimate trust? (y/N) y
  11. save

Your publics key does not change as a result, so you won’t have to upload a new key to Github/Gitlab.

Links

Previous article: A no-nonsense, sane and safe password management strategy
Next article: Silly-id ruby gem for generating locale-aware random names
comments powered by Disqus