SSH & GPG Setup

1. SSH Configuration

Secure Shell (SSH) keys are used for secure authentication with GitLab/GitHub without typing your password every time.

Generate SSH Key

Linux / macOS

  1. Open Terminal.
  2. Generate a new ED25519 SSH key:
    bash
    ssh-keygen -t ed25519 -C "your_email@example.com"
  3. Press Enter to accept the default file location.
  4. Enter a secure passphrase (recommended).

Windows

  1. Open PowerShell as Administrator.
  2. Ensure OpenSSH Client is installed:
    powershell
    Add-WindowsCapability -Online -Name OpenSSH.Client~~~~0.0.1.0
  3. Start the SSH Agent service:
    powershell
    Start-Service ssh-agent
    Set-Service -Name ssh-agent -StartupType 'Automatic'
  4. Generate the key:
    powershell
    ssh-keygen -t ed25519 -C "your_email@example.com"
  5. Add the key to the agent:
    powershell
    ssh-add $env:USERPROFILE\.ssh\id_ed25519
  6. Configure Git to use Windows OpenSSH:
    powershell
    git config --global core.sshCommand "C:/Windows/System32/OpenSSH/ssh.exe"

Add SSH Key to GitLab

  1. Copy your public key:
    • Linux/Mac: cat ~/.ssh/id_ed25519.pub
    • Windows: Get-Content $env:USERPROFILE\.ssh\id_ed25519.pub
  2. Go to GitLab Profile → Edit Profile → SSH Keys.
  3. Paste the key and click Add key.

2. GPG Configuration (Standard Signing)

GPG keys are used to sign your commits, verifying that they actually came from you.

Install GPG

  • macOS: brew install gnupg pinentry-mac
  • Linux (Debian/Ubuntu): sudo apt install gnupg
  • Windows: winget install GnuPG.Gpg4win

Generate GPG Key

  1. Generate a key:
    bash
    gpg --full-gen-key
  2. Select (9) ECC (sign and encrypt) and (1) Curve 25519.
  3. Set expiration (0 for no expiration).
  4. Enter your name and email (must match your Git email).
  5. Set a passphrase.

Configure Git to use GPG

  1. List keys to get the ID:

    bash
    gpg --list-secret-keys --keyid-format LONG

    Copy the key ID from the sec line, the hex string after the slash (e.g., 30F2B65B9246B6CA).

  2. Export public key for GitLab:

    bash
    gpg --armor --export <YOUR_KEY_ID>

    Paste this into GitLab Profile → GPG Keys.

  3. Tell Git to use this key:

    bash
    git config --global user.signingkey <YOUR_KEY_ID>
    git config --global commit.gpgsign true
  4. Set the GPG program path (if needed):

    • Windows: git config --global gpg.program "C:/Program Files (x86)/GnuPG/bin/gpg.exe"
    • Linux/Mac: git config --global gpg.program "$(which gpg)"

3. Alternative: SSH Commit Signing

You can use your existing SSH key to sign commits instead of GPG. This is simpler if you already have SSH set up.

Configure Git for SSH Signing

  1. Set the format to SSH:

    bash
    git config --global gpg.format ssh
  2. Set the signing key to your SSH public key:

    bash
    git config --global user.signingkey "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAA..."

    (Replace with the content of your .pub file)

  3. Enable signing:

    bash
    git config --global commit.gpgsign true

Windows Specifics for SSH Signing

If using Windows, ensure Git uses the correct SSH keygen tool:

powershell
git config --global gpg.ssh.program "C:/Windows/System32/OpenSSH/ssh-keygen.exe"
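
An end-to-end check for the SSH signing setup above, added here as an example and not part of the original guide: it signs a commit in a throwaway repository and verifies the signature. The temporary key, the demo@example.com identity and the gpg.ssh.allowedSignersFile trust list (which Git needs in order to verify SSH signatures locally) are assumptions of this example; it points user.signingkey at a key file rather than a pasted public key so that it runs without an ssh-agent.

```bash
#!/usr/bin/env bash
# Added example: sign and verify a commit with a throwaway SSH key and repo,
# so ~/.ssh and the global Git config are never touched.
# Exit status: 0 = verified, 1 = failed, 3 = needs ssh-keygen and Git >= 2.34.
verify_ssh_signing() (
    command -v git >/dev/null 2>&1 || exit 3
    command -v ssh-keygen >/dev/null 2>&1 || exit 3
    ver=$(git version | awk '{print $3}')
    major=${ver%%.*}; rest=${ver#*.}; minor=${rest%%.*}
    [ "$major" -gt 2 ] 2>/dev/null || { [ "$major" -eq 2 ] && [ "$minor" -ge 34 ]; } 2>/dev/null || exit 3

    tmp=$(mktemp -d) || exit 1
    trap 'rm -rf "$tmp"' EXIT
    export GIT_CONFIG_GLOBAL=/dev/null GIT_CONFIG_SYSTEM=/dev/null   # ignore user/system config
    email="demo@example.com"                                         # constructed identity

    # Throwaway key with an empty passphrase: acceptable only for this demo.
    ssh-keygen -q -t ed25519 -N "" -C "$email" -f "$tmp/id_ed25519" || exit 1

    git init -q "$tmp/repo" || exit 1
    cd "$tmp/repo" || exit 1
    git config user.name "Demo User"
    git config user.email "$email"
    git config gpg.format ssh
    git config user.signingkey "$tmp/id_ed25519"    # key file path, no agent required
    git config commit.gpgsign true

    # Verification needs a trust list: "<principal> <key type> <base64 key>".
    printf '%s %s\n' "$email" "$(cut -d' ' -f1,2 "$tmp/id_ed25519.pub")" \
        > "$tmp/allowed_signers"
    git config gpg.ssh.allowedSignersFile "$tmp/allowed_signers"

    git commit -q --allow-empty -m "signed test commit" || exit 1
    # %G? prints G for a good signature from a signer in the trust list.
    status=$(git log -1 --format='%G?')
    [ "$status" = "G" ] || exit 1
    git verify-commit HEAD 2>/dev/null || exit 1
)
```

Source the file and run `verify_ssh_signing && echo "SSH signing verified"`. For your real setup, the same `git log --show-signature` and `git verify-commit` checks apply once an allowed signers file lists your own public key.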

4. Git Identity

Ensure your local Git identity matches your GitLab account.

bash
git config --global user.name "Your Name"
git config --global user.email "your.email@example.com"