How to sign git commits from within an IDE like IntelliJ?



Question: How do I sign git commits using an IDE like IntelliJ on Windows?

If you're interested, read what I tried here:

I followed mainly Github's guide. I made sure to not forget to restart bash/IntelliJ after you changed config files.

  1. Generate a new GPG key pair
  2. Add the GPG key to my GitHub account
  3. Associate a verified (by GitHub) email with my GPG key where I made sure the email in my .gitconfig is the same.
  4. Tell Git about my GPG key
  5. Sign a commit with GPG and confirmed that it was Verified on Github.
  6. From that same page, I set commits to be signed by default with git config --global commit.gpgsign true (I'm using git 2.12). I made a new commit and verified it was signed with git verify-commit HEAD
  7. When I try to commit in IntelliJ, I get gpg: cannot open tty 'no tty' so I found IntelliJ fails to commit changes when attempting to sign commit (GPG) and added no-tty to my C:\Users\username\.gnupg\gpg.conf file and restarted.

  8. Then I get the error gpg: Sorry, no terminal at all requested - can't get input which seems reasonable because I just added the option that has something to do with no terminal. Like gpg: Sorry, no terminal at all requested - can't get input says the solution is to remove the no-tty which I hope doesn't apply to my case.

  9. Other answers in the first question suggested to add use-agent as well in the gpg.conf file, which results in the additional error gpg: gpg-agent is not available in this session. Ah wait, maybe I need to setup gpg-agent.

  10. The best guide for Windows that I could find was the Archlinux wiki (yeah, right). It specifies to add to C:/Users/username/.gnupg/gpg-agent.conf the time to live, so I create that file and add default-cache-ttl 34560000 and max-cache-ttl 34560000 as per https://superuser.com/questions/624343/keep-gnupg-credentials-cached-for-entire-user-session

  11. Now let's actually start this gpg-agent, https://superuser.com/questions/1153101/why-does-git-complain-that-no-gpg-agent-is-running made me check that indeed gpg-agent --version was much newer than gpg --version, so I would like to have gpg2 so I could run git config --global gpg.program gpg2.

  12. But I do not have gpg2 available on the command line. I installed Gpg4win (binary releases, at the bottom) and even Gnupg 2 separately but that didn't give me gpg2 on the command line, I noticed I had to folder GNU in my Program Files (x86) which I think I should have. With where gpg I found out it was at least not pointing to the gpg I just downloaded, because that one showed second. So I pointed git to the right one with git config --global gpg.program 'C:\Program Files (x86)\GnuPG\bin\gpg.exe'

  13. Now I have the error gpg: skipped "keyid": secret key not available. The solution in gpg: skipped "N": secret key not available is what I just did, so that doesn't help. Then I realised I set everything up with the other gpg, not with this one. I did alias gpg="'C:\Program Files (x86)\GnuPG\bin\gpg.exe'", checked gpg --version and did the whole thing again. Actually I put the alias line in my .bash_profile so I don't need to run it every time.

  14. When I try gpg --gen-key it hangs immediately. No idea why, I don't think the problem is not enough entropy because the older gpg worked fine but it's possible that the newer version requires more entropy. In any case I couldn't find any windows user with the same problem on the Internet.

  15. It works! When I commit in IntelliJ, it asks for my passphrase with pinentry only once. But now I can't commit from Git Bash, with the no secret key error which makes sense because as I said gpg --list-keys is empty: no key is associated with this gpg.

  16. Intellij IDEA signing GIT commits with GPG is relevant, but the only answer is for MAC and doesn't seem to apply to Windows. It did lead me to:

  17. me.m01.eu hints at adding a new environment variable called GNUPGHOME which points to C:\Users\username\.gnupg. That directory exists, but as mentioned in an answer from git commit signing failed: secret key not available I think my new gpg uses C:\Users\username\AppData\Roaming\gnupg so I added that instead. I checked with printenv GNUPGHOME that I added it correctly (I had to reboot). Didn't change anything though.

  18. Since my keys are I think in C:\Users\username\.gnupg I tried pointing the environment variable to there, but it didn't help, gpg --list-keys was still empty. So I had to find another way of pointing out to gpg where my keys are.

  19. gpg --list-keys --homedir='C:/Users/s156757/.gnupg' did give the correct keys, so I decided to add homedir C:\Users\s156757\.gnupg to my C:\Users\username\AppData\Roaming\gnupg\gpg.conf file which I had to create. Because of this bug. I confirmed gpg --list-keys returned my keys. Still the same error, adding no-tty and use-agent to this conf file didn't help.

I can now commit from within IntelliJ but not anymore with Git Bash, which results in skipped "keyid": No secret key.

More thoughts

  1. I didn't manage to export keys from gpg to gpg2 with gpg --export [ID] | gpg2 --import && gpg --export-secret-keys [ID] | gpg2 --import
  2. I thought Gpg4win alone maybe could be configured so I don't need to type my password every time. Unfortunately, I couldn't find anywhere a way to make Gpg4win remember my passphrase.
  3. I later thought, if I remember correctly gpg --list-secret-keys has never returned anything for gpg 2. I only later found out that that command is different from gpg --list-keys.

In short this is the main problem: gpg-agent allows passphrase caching but the gpg version of git doesn't match the gpg-agent version so you have to install the right gpg 2 yourself first. But I didn't manage to do that installation in such a way that I could commit from both Git Bash and IntelliJ.

Solution

Since git 2.19.1, gpg2 is supported!

gpg-agent can handle automatic signing now, remembering your passphrase

This should make it easier to use gpg to sign commits automatically. To be exact, git version 2.19.1 has at least gpg 2.2.9. These instructions were tested on Windows 7, Windows 8.1, Windows 10, Arch Linux and Fedora 29.

Steps to configure git commit signing

  1. It is recommended that you have set up ssh, see e.g. help.github.com/en/articles/connecting-to-github-with-ssh (also when you don't use GitHub)
  2. Start (on Linux) a terminal or (on Windows) git bash, check with git --version that git is at least 2.19.1 and with gpg --version that you are using gpg2.

If not, check with where gpg (or which gpg if the where command is not available) that the top-most path is the git one.

  • If you see no paths or not any one which has gpg2, try the gpg2 command instead of gpg, so gpg2 --version. If that works, you'll have to use gpg2 instead of gpg from now on.
  • If you see a git path but it's not the top one, put (on Windows) alias gpg="'C:\path\to\Git\usr\bin\gpg.exe'" in your C:\Users\username\.bash_profile, create the file if it doesn't exist, and restart git bash. Try where gpg and gpg --version again. From now on, where gpg is typed into a file you should replace it with 'C:\path\to\Git\usr\bin\gpg.exe'.

  3. Check in the output of gpg --version if the home directory is something like (on Linux) /home/username/.gnupg or (on Windows) /c/Users/username/.gnupg. This directory doesn't have to exist, yet.

If the path is incorrect, try to change it - for example one time on Windows I saw my home was prefixed by the path in which I ran the command, so I put an alias in the .bash_profile with alias gpg="gpg --homedir=/c/Users/s156757/.gnupg" and restarted bash, then checked again.

  4. The next few steps are from the good Github's guide, preferably you check there if commands are still correct. First, generate a new GPG key pair (but do not install the gnupg tools!): Run gpg --full-generate-key

  • Select RSA and RSA and 4096 bits.
  • As real name use your user.name as in your ~\.gitconfig.
  • As email, use the email from user.email in your ~\.gitconfig, making sure that this email is a verified email on GitHub.
  • If you want to try gpg-agent (you will have to provide your password at least once after each reboot) or if you are fine with an 'unverified' badge on GitHub, provide a password. Otherwise, leave it empty.

  5. Every time you want to check what keys you have, use gpg --list-secret-keys --keyid-format LONG. Do it now, and copy the key_id (as I will name your key from now on) from the output sec rsa4096/key_id 2018-10-27 [SC] ....
  6. Print the public key with gpg --armor --export key_id.
  7. Add the GPG key to your GitHub account: go to Settings | SSH and GPG keys and add the public key block (including the header and footer).
  8. Tell Git about your GPG key in Settings > Version Control > Git > Configure GPG Key as shown in Mahozad's answer, please give it an upvote or tell git manually: git config --global user.signingkey key_id.
  9. If you had to use the --homedir option before, you need to make sure that when git starts gpg, the home is also properly changed. Create a file C:\Users\username\start-gpg.sh and put into it gpg --homedir=/c/Users/s156757/.gnupg "$@". Then run git config --global gpg.program C:\Users\username\start-gpg.sh to tell git to use it.
  10. Restart bash.
  11. Sign a commit with GPG with git commit -S -m "signed commit" and confirm that it is Verified on Github, you should see a little badge when you view your commit.
  12. Set commits to be signed by default with git config --global commit.gpgsign true. Make a new commit in IntelliJ and verify if it was signed with git verify-commit HEAD.

Steps to make the commit signing happen automatically: three options

1. I have no passphrase on my key

You're done.

2. I want to try gpg-agent

For me this option didn't work: I still had to provide my passphrase often, though not always. But in theory this works:

  1. Update the cache time, in C:\Users\username\.gnupg\gpg-agent.conf: create file if it doesn't exist, add default-cache-ttl 34560000 and max-cache-ttl 34560000.
  2. Restart gpg-agent using gpgconf --kill gpg-agent
  3. Now you should have to enter your passphrase once when committing and then not anymore. Check that your commit is Verified on GitHub.

3. Pipe the passphrase in plaintext to gpg

This means that you never have to provide your passphrase, but for me this means that GitHub puts an Unverified badge on my commit. Question here: The key whose key-id is in the signature did not sign this commit

  1. If you created it already, replace all of the contents of C:\Users\username\start-gpg.sh with the code below. If you didn't, create the file with the contents below, remove the --homedir flag and run git config --global gpg.program C:\Users\username\start-gpg.sh. In any case, restart bash.

Yes, you're going to place your password in plaintext on your computer! If you know a better way, please leave a comment...

# Passphrase-file-descriptor is set to 0 (STDIN), to use it --batch must be used
# The --pinentry-mode loopback is required since gpg 2.1.0 for --passphrase-fd
# The "$@" makes sure that whatever git wanted gpg to do, is still done
echo mypassphrase | gpg --homedir=/c/Users/username/.gnupg --passphrase-fd 0 --batch --yes --pinentry-mode loopback "$@"

  2. Commit and push and check that you were not asked for a passphrase, and that your commit is still Verified on GitHub.

Old answer for older git versions without gpg2

For the reference, here are the full instructions, or rather the steps I did to make it somewhat work. With 'work' I mean that commits are signed automatically, but there are two disadvantages:

  • GitHub recognizes them as unverified: The key whose key-id is in the signature did not sign this commit. Someone may be trying to trick you. The follow-up question regarding this is The key whose key-id is in the signature did not sign this commit
  • Creating a commit takes a much longer time, like five seconds instead of less than one.

If you get stuck, check the steps in the question to see if I had the same problem.

  1. First few steps are from the good Github's guide: Generate a new GPG key pair

  2. Add the GPG key to your GitHub account

  3. Associate a verified (by GitHub) email with your GPG key and make sure the name and email in your .gitconfig are the same.

  4. Tell Git about your GPG key

  5. Sign a commit with GPG and confirm that it is Verified on Github, you should see a little badge when you view your commit.

  6. Set commits to be signed by default with git config --global commit.gpgsign true. Make a new commit and verify if it was signed with git verify-commit HEAD.

  7. The gpg version that comes with git is too old, so install Gpg4win (binary releases, at the bottom) which should install gpg 2. With where gpg you should see two paths, of which probably the second is your new gpg, something like C:\Program Files (x86)\GnuPG\bin\gpg.exe. If not, try to install Gnupg 2 separately from the downloads page.

  8. I put alias gpg="'C:\Program Files (x86)\GnuPG\bin\gpg.exe'" to point the gpg command to my new gpg in my C:\Users\username\.bash_profile, restart Git Bash and check with gpg --version that I'm now using gpg 2.

  9. Add a new environment variable called GNUPGHOME which points to C:\Users\username\.gnupg. Reboot and check with printenv GNUPGHOME that you added it correctly.

  10. Make a script C:\Users\username\gpg-no-tty.sh and put into it echo passphrase | "C:\Program Files (x86)\GnuPG\bin\gpg.exe" --passphrase-fd 0 --batch --no-tty --yes "$@"

The reason you are putting your passphrase in plaintext here is because the --batch option, which makes it all work, needs the passphrase fed. To me it seems like there should exist a better solution than saving your passphrase in plaintext on your computer, so please leave a comment if you found something better.

  11. Point git to this script with git config --global gpg.program C:\Users\username\gpg-no-tty.sh.

  12. Now test both in Git Bash and IntelliJ that you can commit, and verify that it worked by doing git verify-commit HEAD.
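
The recurring failure in this thread is two gpg installations with different home directories, so the secret key exists for one and not the other. The script below is an added example, not part of the original question or answer: it compares the gpg found on PATH with the one git is configured to run and checks whether each keyring holds the secret key named in user.signingkey. The function names, the "check" argument and the sample data are assumptions made for the example, and it only handles a signing key given as a hex key id or fingerprint.

```shell
#!/usr/bin/env bash
# Added example: find out why signing works in one place but not in another.
# Aliases from .bash_profile do not apply here, nor when git or an IDE starts
# gpg; only PATH and git's gpg.program setting decide which binary runs.

# Home directory from `gpg --version` output on stdin.
gpg_home() { sed -n 's/^Home: //p' | head -n 1; }

# Major version from the first line of `gpg --version` output on stdin.
gpg_major() { sed -n '1s/^gpg (GnuPG[^)]*) \([0-9][0-9]*\)\..*/\1/p'; }

# Succeeds if the `--list-secret-keys --with-colons` listing on stdin holds a
# secret key or subkey whose key id or fingerprint ends with $1.
has_secret_key() {
    want=$(printf '%s' "$1" | tr 'a-f' 'A-F' | sed 's/^0[xX]//')
    awk -F: -v want="$want" '
        $1 == "sec" || $1 == "ssb" { id = $5 }
        $1 == "fpr"                { id = $10 }
        $1 ~ /^(sec|ssb|fpr)$/ {
            n = length(want); m = length(id)
            if (n > 0 && m >= n && substr(id, m - n + 1) == want) found = 1
        }
        END { exit !found }'
}

# Constructed sample of `gpg --list-secret-keys --with-colons` output.
sample_listing() {
    cat <<'EOF'
sec:u:4096:1:1111222233334444:1540598400:::u:::scESC:::+:::23::0:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF1111222233334444:
uid:u::::1540598400::0000000000000000000000000000000000000000::Example User <user@example.com>::::::::::0:
ssb:u:4096:1:5555666677778888:1540598400::::::e:::+:::23:
EOF
}

# Constructed sample of the first lines of `gpg --version` output.
sample_version() {
    printf '%s\n' 'gpg (GnuPG) 2.2.9' 'libgcrypt 1.8.3' 'Home: /c/Users/username/.gnupg'
}

# $1 = label, $2 = gpg program to inspect, $3 = signing key id
report() {
    v=$("$2" --version 2>/dev/null) || { echo "$1: cannot run $2"; return 1; }
    echo "$1: $2 (gpg $(printf '%s\n' "$v" | gpg_major), home $(printf '%s\n' "$v" | gpg_home))"
    if "$2" --list-secret-keys --with-colons 2>/dev/null | has_secret_key "$3"; then
        echo "  secret key $3 present"
    else
        echo "  secret key $3 MISSING from this keyring"
    fi
}

check_signing_setup() {
    key=$(git config --get user.signingkey) || { echo "user.signingkey is not set"; return 1; }
    git_gpg=$(git config --get gpg.program || echo gpg)
    report "PATH gpg" gpg "$key"
    report "git gpg.program" "$git_gpg" "$key"
}

# Run the live check only when asked, e.g. `bash check-gpg.sh check`.
if [ "${1:-}" = "check" ]; then check_signing_setup; fi
```

If the two reports show different home directories, or the key is missing from the one git uses, that matches the "secret key not available" error described in the question.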
