Signing your Git commits is an essential practice for developers to enhance security and verify authenticity. Below are the steps you can follow to configure your Windows 11 development environment for commit signing.
Generate a GPG key
Install Gpg4win:
winget install gpg4win -s winget
Generate an RSA 4096-bit GPG key (choose RSA and a key size of 4096 at the prompts):
gpg --full-generate-key
View your key and make note of the long key ID on the sec line (the value after the slash); it is used as <sec_value> below:
gpg --list-secret-keys --keyid-format=long
View your public key:
gpg --armor --export <sec_value>
Configure Git
View where Gpg4win was installed and make note of its location:
(Get-Command gpg).Source | Resolve-Path
Using this path and your key ID, update your Git configuration to sign all your commits and tags (replace the gpg.program path below if yours differs):
git config --global user.signingkey <sec_value>
git config --global commit.gpgsign true
git config --global tag.gpgsign true
git config --global gpg.program "C:\Program Files (x86)\GnuPG\bin\gpg.exe"
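To confirm that the configuration above actually produces verifiable signatures, the following PowerShell check (an added example, not part of the original post) validates gpg.program and user.signingkey and then signs and verifies an empty commit in a throwaway repository. It assumes user.name and user.email are already set globally and that user.signingkey is a primary key's long ID or fingerprint; the repository name and commit message are constructed.

```powershell
# Added example: check the commit-signing setup end to end.

# 1. gpg.program must point at an existing executable.
$gpgProgram = git config --global --get gpg.program
if (-not $gpgProgram -or -not (Test-Path -LiteralPath $gpgProgram)) {
    throw "gpg.program is unset or does not exist: '$gpgProgram'"
}

# 2. user.signingkey must correspond to a secret key in the keyring.
#    --with-colons is gpg's machine-readable format; on 'sec' records
#    field 5 is the long key ID.
$signingKey = git config --global --get user.signingkey
if (-not $signingKey) { throw "user.signingkey is not set" }
$secretIds = & $gpgProgram --list-secret-keys --with-colons |
    Where-Object { $_ -like 'sec:*' } |
    ForEach-Object { ($_ -split ':')[4] }
# EndsWith accepts either a long key ID or a full fingerprint.
if (-not ($secretIds | Where-Object { $signingKey.ToUpper().EndsWith($_) })) {
    throw "No secret key in the keyring matches user.signingkey '$signingKey'"
}

# 3. Sign and verify an empty commit in a throwaway repository (constructed name).
#    No -S flag is passed, so this also proves commit.gpgsign takes effect.
$repo = Join-Path $env:TEMP ("sigcheck-" + [guid]::NewGuid())
git init --quiet $repo
Push-Location $repo
try {
    git commit --quiet --allow-empty -m "signing self-test"
    if ($LASTEXITCODE -ne 0) { throw "git commit failed: signing is not working" }
    git verify-commit HEAD
    if ($LASTEXITCODE -ne 0) { throw "HEAD carries no valid signature" }
    # %G? = signature status (G is good), %GK = signing key, %GS = signer
    git log -1 --format="%G? %GK %GS"
} finally {
    Pop-Location
    Remove-Item -Recurse -Force $repo
}
```

A final line beginning with G followed by your key ID means the commit was signed with the configured key and verified against your local keyring.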
Configure GitHub
If you use GitHub, you will also want to add your public key to the SSH and GPG keys page in your account.