Now that Github visualizes signed commit, I wanted to start using my keybase pgp key to sign commits.
Unfortunately my keybase key had a single uid of tam7t@keybase.io which is not actually a real email address. This prevented github from showing commits signed with that key as verified.
Thankfully, it is easy to add a second uid to your public key and not have to struggle with keybase’s new key model.
I started by exporting my keybase gpg key:
$ keybase pgp export -s > secret.key
$ keybase pgp export > pub.key
$ gpg --import pub.key
$ gpg --allow-secret-key-import --import secret.key
I then edit my key with the adduid command:
$ gpg --edit-key tam7t@keybase.io
gpg (GnuPG) 2.0.29; Copyright (C) 2015 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Secret key is available.
pub 4096R/E22D571D created: 2014-12-05 expires: never usage: SCEA
trust: unknown validity: unknown
sub 2048R/18CE9067 created: 2014-12-05 expires: 2022-12-03 usage: S
sub 2048R/FBB7B2C3 created: 2014-12-05 expires: 2022-12-03 usage: E
[ unknown] (1). keybase.io/tam7t <tam7t@keybase.io>
gpg> adduid
Real name: Tommy Murphy
Email address: tommy.murphy@gmail.com
Comment:
You selected this USER-ID:
"Tommy Murphy <tommy.murphy@gmail.com>"
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
pub 4096R/E22D571D created: 2014-12-05 expires: never usage: SCEA
trust: unknown validity: unknown
sub 2048R/18CE9067 created: 2014-12-05 expires: 2022-12-03 usage: S
sub 2048R/FBB7B2C3 created: 2014-12-05 expires: 2022-12-03 usage: E
[ unknown] (1). keybase.io/tam7t <tam7t@keybase.io>
[ unknown] (2) Tommy Murphy <tommy.murphy@gmail.com>
gpg> save
I can then publish the change to keybase:
$ keybase pgp update
▶ INFO Posting update for key b65760a9d7211834546f17a350806b38e22d571d.
▶ INFO Update succeeded for key b65760a9d7211834546f17a350806b38e22d571d.
Finally, I set up git to use the correct key for signing my commits.
$ git config --global user.signingkey E22D571D
$ git commit -S -m 'My signed commit!'