Sign with GPG

Although GPG is not yet fully integrated into Gitfox, you can still configure Git to sign your commits automatically.

1. Install either the Retail or Setapp version of Gitfox

The Mac App Store version won’t work for signing because it is sandboxed. Gitfox must be able to access tools located outside the sandbox container.

2. Install GPG and pinentry-mac using Homebrew

brew install gnupg pinentry-mac

3. Configure GPG to use pinentry-mac

echo "pinentry-program `brew --prefix`/bin/pinentry-mac" >> ~/.gnupg/gpg-agent.conf

4. Unset the previous key format (optional)

If git was configured previously to use a different key format when signing, unset the format first.

git config --global --unset gpg.format

5. List your current GPG keys

gpg --list-secret-keys --keyid-format=long

If you don't have a key, you can generate one using gpg --gen-key first.

6. Copy your GPG key ID from the output

It looks something like this:

%  gpg --list-secret-keys --keyid-format=long
/Users/john/.gnupg/pubring.kbx
-----------------------------
sec   ed25519/A418DD60F3B71C8D 2022-10-28 [SC] [expires: 2024-10-27]
        766457B35BF86321BA65DF24D7F05B7FFED4280A
uid                 [ultimate] John Doe <[email protected]>
ssb   cv25519/6C35AA069C291455 2022-10-28 [E] [expires: 2024-10-27]

In this example, the GPG key ID is A418DD60F3B71C8D.

7. Configure git to use your GPG key

git config --global user.signingkey A418DD60F3B71C8D

Substitute the example ID A418DD60F3B71C8D with your actual key ID.

8. Configure git to automatically sign commits

git config --global commit.gpgsign true

9. Restart the GPG agent

gpgconf --kill gpg-agent

Your commits should now be signed automatically on commit. pinentry-mac will prompt you for your GPG key passphrase on your first commit. You can tell pinentry-mac to store it in your keychain, so you won't be prompted again.
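If signing fails after these steps, a common cause is that the key ID set in step 7 belongs to a key that has expired, been revoked, or cannot sign. The check below is an added example, not part of the Gitfox documentation: it reads GnuPG's machine-readable listing (--with-colons) rather than the human-readable output from step 6. The function names and the sample listing are constructed for illustration; the sample reuses the example key ID from step 6.

```shell
#!/bin/sh
# Added example (not from the Gitfox docs). Function names are hypothetical.

# Constructed sample of `gpg --list-secret-keys --with-colons` output:
# one expired key, then the example key ID from step 6. Not real keys.
SAMPLE_LISTING='sec:e:255:22:1111222233334444:1600000000:1631536000:::::sc:
sec:u:255:22:A418DD60F3B71C8D:1666915200:1729987200::u:::scESC:
ssb:u:255:18:6C35AA069C291455:1666915200:1729987200:::::e:
'

# Print the long key ID of every secret key that is usable for signing.
# Reads the colon-delimited listing on stdin.
usable_signing_keys() {
    awk -F: '
        # Field 2: validity (i invalid, r revoked, e expired, d disabled).
        # Field 5: long key ID.
        # Field 12: capabilities; uppercase S = the key as a whole can sign,
        #           D = the key is disabled.
        $1 == "sec" && $2 !~ /^[ired]$/ && $12 ~ /S/ && $12 !~ /D/ { print $5 }
    '
}

# Succeed only if key ID $1 (the value stored in user.signingkey) is usable.
# Accepts an optional 0x prefix and lowercase hex. Listing is read on stdin.
signing_key_is_usable() {
    want=$(printf '%s' "$1" | sed 's/^0[xX]//' | tr 'a-f' 'A-F')
    usable_signing_keys | grep -Fqx "$want"
}

# Demo on the constructed sample. Against a real keyring, run:
#   gpg --list-secret-keys --with-colons |
#       signing_key_is_usable "$(git config --global user.signingkey)"
if printf '%s' "$SAMPLE_LISTING" | signing_key_is_usable A418DD60F3B71C8D; then
    echo "A418DD60F3B71C8D can sign"
fi
```

Once the key checks out, git log --show-signature -1 shows whether the most recent commit carries a valid signature.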