keybase and github commits

Now that Github visualizes signed commit, I wanted to start using my keybase pgp key to sign commits.

Unfortunately my keybase key had a single uid of [email protected] which is not actually a real email address. This prevented github from showing commits signed with that key as verified.

Thankfully, it is easy to add a second uid to your public key and not have to struggle with keybase's new key model.

I started by exporting my keybase gpg key:

$ keybase pgp export -s > secret.key
$ keybase pgp export > pub.key
$ gpg --import pub.key
$ gpg --allow-secret-key-import --import secret.key

I then edit my key with the adduid command:

$ gpg --edit-key [email protected]
gpg (GnuPG) 2.0.29; Copyright (C) 2015 Free Software Foundation, Inc.  
This is free software: you are free to change and redistribute it.  
There is NO WARRANTY, to the extent permitted by law.

Secret key is available.

pub  4096R/E22D571D  created: 2014-12-05  expires: never       usage: SCEA  
                     trust: unknown       validity: unknown
sub  2048R/18CE9067  created: 2014-12-05  expires: 2022-12-03  usage: S  
sub  2048R/FBB7B2C3  created: 2014-12-05  expires: 2022-12-03  usage: E  
[ unknown] (1). keybase.io/tam7t <[email protected]>

gpg> adduid  
Real name: Tommy Murphy  
Email address: [email protected]  
Comment:  
You selected this USER-ID:  
    "Tommy Murphy <[email protected]>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o

pub  4096R/E22D571D  created: 2014-12-05  expires: never       usage: SCEA  
                     trust: unknown       validity: unknown
sub  2048R/18CE9067  created: 2014-12-05  expires: 2022-12-03  usage: S  
sub  2048R/FBB7B2C3  created: 2014-12-05  expires: 2022-12-03  usage: E  
[ unknown] (1). keybase.io/tam7t <[email protected]>
[ unknown] (2)  Tommy Murphy <[email protected]>

gpg> save  

I can then publish the change to keybase:

$ keybase pgp update
▶ INFO Posting update for key b65760a9d7211834546f17a350806b38e22d571d.
▶ INFO Update succeeded for key b65760a9d7211834546f17a350806b38e22d571d.

Finally, I set up git to use the correct key for signing my commits.

$ git config --global user.signingkey E22D571D
$ git commit -S -m 'My signed commit!'