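Configuring a GPG Key for IDEA/Git

Once a GPG key is set up for Git, you will be asked to confirm the passphrase you configured on every commit, and GitHub will show a Verified badge on the commit. The badge marks the commit as really made by you rather than by someone impersonating you.

System environment

Operating system: Windows 10; tool: PyCharm

Download the software

Download and install the GPG tool: search for "GnuPG binary releases" and download Gpg4win.

Generate the key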

gpg --full-generate-key

gpg (GnuPG) 2.4.7; Copyright (C) 2024 g10 Code GmbH
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Please select what kind of key you want:
(1) RSA and RSA
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
(9) ECC (sign and encrypt) *default*
(10) ECC (sign only)
(14) Existing key from card
Your selection? 1 # GPG asks which kind of key to generate; choose 1 here
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (3072) 4096 # Asks for the key size; type 4096 and press Enter (GitHub only accepts 4096 bits or more, which is also more secure)
Requested keysize is 4096 bits
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0) 0 # Asks for the key's expiry time; we generally don't want the key to expire, so just press Enter to accept the default of no expiry
Key does not expire at all
Is this correct? (y/N) y # Confirm the information is correct: type y and press Enter
# Enter your personal information
GnuPG needs to construct a user ID to identify your key.

Real name: Ross # Display name
Email address: bgs@onross.com # Email address; must be one verified on GitHub
Comment: Github Key # Comment
You selected this USER-ID:
"Ross (Github Key) <bgs@onross.com>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o # Press o to save
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: revocation certificate stored as 'C:\\Users\\Administrator\\AppData\\Roaming\\gnupg\\openpgp-revocs.d\\F3199766E212A131E4437565F59509706A862E36.rev'
public and secret key created and signed.

pub rsa4096 2025-03-26 [SC]
F3199766E212A131E4437565F59509706A862E36
uid Ross (Github Key) <bgs@onross.com>
sub rsa4096 2025-03-26 [E]

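Set the passphrase

After you enter your personal information, a passphrase window pops up on your computer. Enter the same passphrase twice to set the passphrase for the key (be sure to remember it). Also back up the revocation certificate (the .rev file gpg reports above), so the key can be revoked if the passphrase is lost or the key is compromised.

Bind the key to GitHub

Run this command to get your GPG Key ID: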

gpg --list-secret-keys --keyid-format LONG

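Find the uid line that matches the information you just set; your GPG Key ID is on the sec line just above it. In this walkthrough the GPG Key ID is F59509706A862E36. Remember it, because we will use it several times.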

gpg: checking the trustdb
gpg: marginals needed: 3 completes needed: 1 trust model: pgp
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
[keyboxd]
---------
sec rsa4096/F59509706A862E36 2025-03-26 [SC]
F3199766E212A131E4437565F59509706A862E36
uid [ultimate] Ross (Github Key) <bgs@onross.com>
ssb rsa4096/40500AAFC59FA954 2025-03-26 [E]
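
As an added example (not from the original post): a shell function that picks the signing key ID out of gpg's machine-readable `--with-colons` listing instead of reading it by eye, and checks that the ID is the last 16 hex digits of the fingerprint and that the key can sign. The names `signing_key_id` and `sample_colons` are made up for illustration, and the sample listing is constructed from the key shown above with non-essential fields blanked.

```shell
# Constructed sample in `gpg --list-secret-keys --with-colons` format for the
# key shown on this page; the timestamp is constructed, other fields are blanked.
sample_colons() {
cat <<'EOF'
sec:u:4096:1:F59509706A862E36:1742947200:::u:::scESC:::+:::23::0:
fpr:::::::::F3199766E212A131E4437565F59509706A862E36:
uid:u::::1742947200::::Ross (Github Key) <bgs@onross.com>::::::::::0:
ssb:u:4096:1:40500AAFC59FA954:1742947200::::::e:::+:::23:
EOF
}

# signing_key_id EMAIL: read a --with-colons secret key listing on stdin and
# print the long key ID of the primary key whose uid contains <EMAIL>.
# Exit codes: 0 found, 1 no matching uid, 2 ID/fingerprint mismatch, 3 cannot sign.
signing_key_id() {
  awk -F: -v email="<$1>" '
    # sec record: field 5 is the long key ID, field 12 the capability letters
    $1 == "sec" { id = $5; caps = $12; fpr = ""; want = 1; next }
    # first fpr record after sec: field 10 is the primary key fingerprint
    $1 == "fpr" && want { fpr = $10; want = 0; next }
    $1 == "uid" && id != "" && index($10, email) {
      if (caps !~ /[sS]/) { rc = 3; exit }                      # no signing capability
      if (substr(fpr, length(fpr) - 15) != id) { rc = 2; exit } # ID is the fingerprint tail
      print id; ok = 1; exit
    }
    END { exit (ok ? 0 : (rc ? rc : 1)) }
  '
}

# Run against the constructed sample.
sample_colons | signing_key_id "bgs@onross.com"   # prints F59509706A862E36

# Live use (assumes gpg and git are on PATH, for example in Git Bash):
#   id=$(gpg --list-secret-keys --with-colons | signing_key_id "$(git config user.email)") \
#     && git config --global user.signingkey "$id"
```
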

Export the public key

gpg --armor --export [GPG Key ID]

This step can also be viewed and managed in the Kleopatra GUI.

Bind the key to local Git

# Set the email address; it must be one verified on GitHub
git config --global user.email "email address"

# Tell Git to use this GPG key
git config --global user.signingkey [your GPG Key ID]

# Sign all local commits with GPG by default
git config --global commit.gpgsign true

# Specify where the GPG program is located
git config --global gpg.program "C:\Program Files (x86)\GnuPG\bin\gpg.exe"

http://days.onross.com/e005f3af.html
Author: Ross
Published: March 27, 2025