Skip to content

Setting up GnuPG

Create a new GPG key

OS X Users NOTE: If the instructions below do not work for you, you may need to upgrade your copy of gpg. To update try: It is recommended that you customize the installation of gpgTools to NOT include gpg Mail (you can deselect it if you customize the installation)

Github instructions

gpg --full-generate-key
  • Select "(1) RSA and RSA (default)" as the type.
  • Select a 4096 bit keysize "What keysize do you want? (3072) 4096"
  • Set the key to not expire "Key is valid for? (0)"
  • Set your full name and the email address associated with your Github and Gitlab accounts:
Real name: first-name last-name
Email address:
You selected this USER-ID:
    "first-name last-name <>"
  • Set a complex passphrase for your private key.

It should return: "public and secret key created and signed." and the new keypair should be present under .gnupg/ in your home directory.

List your GPG keys

List your keys and make note of the value after sec rsa4096/. This will be used for specifying which key you are working with. OSX User Note: You can use the email address you used to create your key if your key build result did not include a value after the sec rsa4096/ notice.

gpg --list-secret-keys --keyid-format=long

gpg: checking the trustdb
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
sec   rsa4096/FF342ASDF39B2 2022-09-13 [SC]
uid                 [ultimate] first-name last-name <>
ssb   rsa4096/ADED1234B3C2C5BD 2022-09-13 [E]

Export ASCII GPG public key

Get the ascii version of the public key that corresponds to your secret key using the armor and export options:

gpg --armor --export FF342ASDF39B2


This public key can then be shared with others to allow them to send you encrypted email or to configure git commit signing.

This page was last updated on December 4, 2023.