keybase and github commits

Apr 18, 2016

Now that Github visualizes signed commit, I wanted to start using my keybase pgp key to sign commits.

Unfortunately my keybase key had a single uid of tam7t@keybase.io which is not actually a real email address. This prevented github from showing commits signed with that key as verified.

Thankfully, it is easy to add a second uid to your public key and not have to struggle with keybase’s new key model.

I started by exporting my keybase gpg key:

$ keybase pgp export -s > secret.key
$ keybase pgp export > pub.key
$ gpg --import pub.key
$ gpg --allow-secret-key-import --import secret.key

I then edit my key with the adduid command:

$ gpg --edit-key tam7t@keybase.io
gpg (GnuPG) 2.0.29; Copyright (C) 2015 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Secret key is available.

pub  4096R/E22D571D  created: 2014-12-05  expires: never       usage: SCEA
                     trust: unknown       validity: unknown
sub  2048R/18CE9067  created: 2014-12-05  expires: 2022-12-03  usage: S
sub  2048R/FBB7B2C3  created: 2014-12-05  expires: 2022-12-03  usage: E
[ unknown] (1). keybase.io/tam7t <tam7t@keybase.io>

gpg> adduid
Real name: Tommy Murphy
Email address: tommy.murphy@gmail.com
Comment:
You selected this USER-ID:
    "Tommy Murphy <tommy.murphy@gmail.com>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o

pub  4096R/E22D571D  created: 2014-12-05  expires: never       usage: SCEA
                     trust: unknown       validity: unknown
sub  2048R/18CE9067  created: 2014-12-05  expires: 2022-12-03  usage: S
sub  2048R/FBB7B2C3  created: 2014-12-05  expires: 2022-12-03  usage: E
[ unknown] (1). keybase.io/tam7t <tam7t@keybase.io>
[ unknown] (2)  Tommy Murphy <tommy.murphy@gmail.com>

gpg> save

I can then publish the change to keybase:

$ keybase pgp update
▶ INFO Posting update for key b65760a9d7211834546f17a350806b38e22d571d.
▶ INFO Update succeeded for key b65760a9d7211834546f17a350806b38e22d571d.

Finally, I set up git to use the correct key for signing my commits.

$ git config --global user.signingkey E22D571D
$ git commit -S -m 'My signed commit!'

Tags: