How to Set Up GPG Keys for an Existing GitHub Account (Step-by-Step)

Published: (January 18, 2026 at 06:40 AM EST)
Source: Dev.to

What Is a GPG Key and Why It Matters?

GPG (GNU Privacy Guard) is a tool used to:

  • Digitally sign commits and tags
  • Prove authorship and integrity
  • Improve security and trust in collaborative projects

Benefits of Signing Commits

  • Your commits show as Verified on GitHub
  • Protects against commit spoofing
  • Builds credibility as a developer

Prerequisites

  • A GitHub account
  • Git installed
  • GPG installed on your system
  • Terminal access

Step 1: Check If GPG Is Installed

gpg --version

If GPG is not installed:

Ubuntu / Debian

sudo apt update && sudo apt install gnupg

macOS (Homebrew)

brew install gnupg

Windows

Install Gpg4win from the official site.

Step 2: Generate a New GPG Key

gpg --full-generate-key

When prompted:

  • Key type: RSA and RSA
  • Key size: 4096
  • Expiration: Choose what works for you (e.g., 1y or 0 for no expiry)
  • Name & Email: Use the same email address as your GitHub account
  • Passphrase: Use a strong one (don’t forget it)

After completion, your GPG key is created.

Step 3: List Your GPG Keys and Copy the Key ID

gpg --list-secret-keys --keyid-format=long

Example output:

/home/nyaugenya/.gnupg/pubring.kbx
----------------------------------
sec   rsa3072/CBC3C9CAC3450592 2025-12-17 [SC] [expires: 2027-12-17]
      DD88627124BA164FD7D531C8CBC3C9CAC3450592
uid                 [ultimate] nyaugenya (go!!!) 
ssb   rsa3072/4DB25F105F5D7F76 2025-12-17 [E] [expires: 2027-12-17]

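Copy the key ID. On the sec line it is the value after the slash (rsa3072/ in this example, rsa4096/ for a 4096-bit key), here CBC3C9CAC3450592. The 40-character fingerprint on the following line (e.g., DD88627124BA164FD7D531C8CBC3C9CAC3450592) identifies the same key and is the value used in the next steps.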

Step 4: Export the GPG Public Key

gpg --armor --export DD88627124BA164FD7D531C8CBC3C9CAC3450592

Copy the entire output, including the -----BEGIN PGP PUBLIC KEY BLOCK----- and -----END PGP PUBLIC KEY BLOCK----- lines.

Step 5: Add the GPG Key to GitHub

  1. Go to GitHub → Settings.
  2. Click SSH and GPG keys.
  3. Under GPG keys, click New GPG key.
  4. Paste the copied public key.
  5. Click Add GPG key.

GitHub now knows your signing key.

Step 6: Tell Git to Use Your GPG Key

Configure Git with your key ID:

git config --global user.signingkey DD88627124BA164FD7D531C8CBC3C9CAC3450592

Enable commit signing by default:

git config --global commit.gpgsign true

Make sure your Git email matches the email on your GitHub account (the same address you entered when generating the key):

git config --global user.email "odhiamborose466@gmail.com"

Configure Git to automatically GPG‑sign all tags you create:

git config --global tag.gpgSign true

Step 7: (Linux) Fix “GPG Failed to Sign the Data” Error

If you encounter this error, run:

export GPG_TTY=$(tty)

To make it permanent:

echo 'export GPG_TTY=$(tty)' >> ~/.bashrc
source ~/.bashrc

Step 8: Make a Signed Commit

Create a regular commit (Git will sign it automatically because of the global setting):

git commit -m "My first signed commit"

Or explicitly sign a commit:

git commit -S -m "Signed commit"

Push your changes:

git push

Your commits should now appear as Verified on GitHub.
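If a commit does not show as Verified, the usual causes are a signing key Git cannot find, an expired key, or a Git email that is not on the key. The script below is an added example, not part of the original post, that checks those conditions against GPG's machine-readable listing; the function name check_signing_key and the sample data are hypothetical, and it matches only a primary key ID or fingerprint, which is what Step 6 configures.

```shell
#!/usr/bin/env bash
# Added example (not from the original post). Real use:
#   gpg --list-secret-keys --with-colons |
#     check_signing_key "$(git config user.signingkey)" "$(git config user.email)"
# Prints "ok" or one line per problem; returns non-zero if anything is wrong.
check_signing_key() {   # args: KEY (long ID or fingerprint), EMAIL, optional NOW (epoch)
  awk -F: -v want="$(printf %s "$1" | tr a-f A-F)" -v email="$2" \
          -v now="${3:-$(date +%s)}" '
    function finish() {                 # judge the primary-key block that just ended
      if (keyid == "" || (want != keyid && want != fpr)) return
      found = 1
      # Field 12 of "sec": an uppercase S means the key as a whole can sign.
      if (caps !~ /S/) { print "no-sign-capability"; bad = 1 }
      # Field 7 is the expiry time; assumed to be epoch seconds, empty = no expiry.
      if (expires != "" && expires + 0 <= now + 0) { print "expired"; bad = 1 }
      # Git commits under user.email, so that address must be a uid on the key.
      if (!(tolower(email) in emails)) { print "email-mismatch"; bad = 1 }
    }
    $1 == "sec" { finish(); keyid = $5; expires = $7; caps = $12
                  fpr = ""; split("", emails); primary = 1; next }
    $1 == "ssb" { primary = 0; next }   # subkey: ignore its fpr record
    $1 == "fpr" && primary { fpr = $10; primary = 0; next }
    $1 == "uid" && match($10, /<[^>]+>/) {
      emails[tolower(substr($10, RSTART + 1, RLENGTH - 2))] = 1
    }
    END { finish()
          if (!found) { print "key-not-found"; bad = 1 }
          if (!bad) print "ok"
          exit bad + 0 }
  '
}

# Constructed sample in --with-colons layout: the key IDs and primary fingerprint
# come from the Step 3 listing; timestamps, hashes and the e-mail are made up.
SAMPLE='sec:u:3072:1:CBC3C9CAC3450592:1765929600:1829001600::u:::scESC:::+:::23::0:
fpr:::::::::DD88627124BA164FD7D531C8CBC3C9CAC3450592:
uid:u::::1765929600::0000000000000000000000000000000000000000::nyaugenya (go!!!) <dev@example.com>::::::::::0:
ssb:u:3072:1:4DB25F105F5D7F76:1765929600:1829001600:::::e:::+:::23:
fpr:::::::::0000000000000000000000004DB25F105F5D7F76:'

# Demo on the constructed sample with a fixed "now" before the expiry date.
printf '%s\n' "$SAMPLE" | check_signing_key CBC3C9CAC3450592 dev@example.com 1770000000
```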
