Key expires at Tue Aug 30 17:19:20 2022 GMTST This will start an interactive wizard where you will be prompted to confirm several details, the first choice you will need to make is to select the type of key you want. To generate a GPG key, execute gpg -full-generate-key. To verify that gpg is in your PATH, execute gpg -version in either a command shell or PowerShell session. To ensure that you can use gpg in a shell other than git bash where it is auto-loaded for you, you should add the C:\Program Files\Git\usr\bin to your system environment variables, which is the location of where the gpg command line tool is installed with git. The GNU Privacy Guard commonly know as gpg, is a command line tool that we will use to generate a key on your local machine, which will be used to sign your git commits with.
This guide requires that you have at least git for Windows v2.19.1 installed, as after this release, git was bundled with a program called gpg.
This guide will step through the process of how to configure commit signing in your local git repositories in Windows and how to configure GitHub to show your commits as verified. When you sign commits locally and push them to GitHub, your commits can be verified by GitHub as coming from a trusted source, marking them as Verified and stamped with a green tick ✅. To help solve this problem you can configure git to sign your commits. This, potentially, makes it difficult for other people to be confident that commits you create were actually created by you when you push your commits to a public repository on GitHub. When you work locally on your computer, git allows you to set the name and email address of the author to anything you wish. Get verified! Setup git commit signing on Windows 1 September 2021