How To Create Your First Verified GitHub Repo

This post walks through the basic steps to create your GitHub account and your first repo with GPG signing set up, so that your commits can be verified against your key.

Create Your GitHub Account

  • set your username and password
  • enable MFA from your account security menu (optional but recommended)
  • if you use MFA, I recommend using SSH to sync your local repos with GitHub, as I had issues with HTTPS.

Get SSH Access

Generate your SSH key. If you already have SSH keys in the default folder, give the new key a different name or save it in a different location.

Add your SSH key to the ssh-agent

  • enter $ eval "$(ssh-agent -s)" to start the ssh-agent in the background
  • if the file ~/.ssh/config does not exist, create it empty by entering $ touch ~/.ssh/config
  • add the following to the file, or modify its contents according to your SSH folder location and key name:

      Host *
        AddKeysToAgent yes
        UseKeychain yes
        IdentityFile ~/.ssh/id_rsa

  • add your SSH private key to the ssh-agent and store your passphrase in the keychain: $ ssh-add -K ~/.ssh/id_rsa, using the correct path and name.

Add your SSH Key to your GitHub Account

Add your PGP Key to your GitHub Account

Create your PGP Key

  • install GPG with brew install gnupg or update it with brew upgrade gnupg.
  • create your PGP Key. You need an RSA 4096 key. Add your username and email.
  • after creation, launch the command gpg --list-secret-keys --keyid-format LONG, to check your newly created key.

Import your GPG Key from Keybase

The above command can also be used if you have already generated your key.

If you’ve uploaded your GPG key to Keybase, you can import your public key as text by launching the command keybase pgp export | gpg --import.

Export your PGP Public Key and Add it to GitHub

Next, export your public key by launching the command gpg --armor --export youremail@email.com, using the same email address you used to create the GPG key.

If you can’t remember what email address is attached to your public key, you can list all your GPG keys with gpg --list-keys. See this well-explained article.

You can then copy the output and paste it into GitHub by selecting the “settings” option within your profile and adding the GPG Key.

Create Your Remote Repo on GitHub and clone it locally

  • create a new repository on GitHub; you can decide whether to make it public (default) or private. I recommend starting private and then making it public once you’re confident
  • enter $ git clone <your repo ssh name>
  • enter $ cd <your repo name>
  • enter $ git config user.name "your username"
  • enter $ git config --global user.signingkey your_Key_ID, to set your signing key
  • type $ git config --global user.email "your email address"; be sure to use your primary or added email address, which needs to match the email used to generate your GPG key
  • enter $ git config --global commit.gpgsign true to automatically sign each commit with your key.
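
One way to check the requirement above that user.email match the GPG key, as an added example that is not part of the original post: it parses gpg's colon-delimited listing for the key named in user.signingkey. The function names and the sample keyring (key IDs, addresses) are constructed, and it assumes user.signingkey holds the long key ID shown by --keyid-format LONG.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): verify that the key named in
# user.signingkey exists as a secret key, is RSA 4096, and carries a UID with
# the address in user.email. Input is `gpg --with-colons` output on stdin.

check_signing_key() {   # $1 = long key ID, $2 = commit e-mail
  awk -F: -v want_id="$1" -v want_mail="$2" '
    $1 == "sec" {                       # a new secret-key block starts
      in_key = (toupper($5) == toupper(want_id))
      if (in_key) { found = 1; bits = $3 + 0; algo = $4 + 0 }
      next
    }
    in_key && $1 == "uid" {             # field 10 is "Name <email>"
      if (index(tolower($10), "<" tolower(want_mail) ">")) mail_ok = 1
    }
    END {
      if (!found)                   { print "FAIL: no secret key " want_id; exit 1 }
      if (algo != 1 || bits < 4096) { print "FAIL: not an RSA 4096 key";    exit 2 }
      if (!mail_ok)                 { print "FAIL: no UID <" want_mail ">"; exit 3 }
      print "OK: " want_id " signs for " want_mail
    }'
}

# Constructed sample keyring in colon format (key IDs and addresses are made up).
sample_keyring() {
  cat <<'EOF'
sec:u:4096:1:AAAA1111BBBB2222:1700000000:::u:::scESC:
uid:u::::1700000000::::Jane Dev <jane@example.com>:
ssb:u:4096:1:CCCC3333DDDD4444:1700000000::::::e:
sec:u:2048:1:EEEE5555FFFF6666:1500000000:::u:::scESC:
uid:u::::1500000000::::Old Key <old@example.com>:
EOF
}

# Run against the real setup (assumes gpg and git are installed and configured).
audit_live() {
  gpg --list-secret-keys --with-colons |
    check_signing_key "$(git config user.signingkey)" "$(git config user.email)"
}

sample_keyring | check_signing_key AAAA1111BBBB2222 jane@example.com
```

Call audit_live inside your cloned repo; exit status 3 means the configured email is not on the signing key.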

Start Coding!

“Learning to write programs stretches your mind, and helps you think better, creates a way of thinking about things that I think is helpful in all domains.”

Bill Gates

Start coding locally, commit locally often, and when you want to sync your remote repo enter $ git push origin master.

Check your commits on GitHub: you should see “verified”.

You might get this message after a commit:

error: gpg failed to sign the data
fatal: failed to write commit object

In that case, enter echo 'no-tty' >> ~/.gnupg/gpg.conf and then export GPG_TTY=$(tty) to apply the change to all users.

See this Stack Overflow thread for more information and cases.

Useful Documentation