Skip to main content

Adding a GPG key to your GitHub account

要在 上配置帐户以使用新的(或现有的)GPG 密钥,还需要将密钥添加到帐户。

About addition of GPG keys to your account

To sign commits associated with your account on GitHub, you can add a public GPG key to your personal account. Before you add a key, you should check for existing keys. If you don't find any existing keys, you can generate and copy a new key. For more information, see "Checking for existing GPG keys" and "Generating a new GPG key."

You can add multiple public keys to your account on GitHub. 由任何相应私钥签名的提交将显示为已验证。 如果删除公钥,则由相应私钥签名的任何提交将不再显示为已验证。

To verify as many of your commits as possible, you can add expired and revoked keys. If the key meets all other verification requirements, commits that were previously signed by any of the corresponding private keys will show as verified and indicate that their signing key is expired or revoked.

A verified commit whose key expired

支持的 GPG 密钥算法

GitHub 支持多种 GPG 密钥算法。 如果您尝试添加使用不支持的算法生成的密钥,可能会发生错误。

  • RSA
  • ElGamal
  • DSA数字签名算法
  • ECDH
  • EdDSA

When verifying a signature, GitHub extracts the signature and attempts to parse its key ID. The key ID is then matched with keys added to GitHub. Until a matching GPG key is added to GitHub, it cannot verify your signatures.

添加 GPG 密钥

  1. 在任何页面的右上角,单击您的个人资料照片,然后单击 Settings(设置)

    用户栏中的 Settings 图标

  2. 在边栏的“Access(访问)”部分中,单击 SSH 和 GPG 密钥

  3. 单击 New GPG key(新 GPG 密钥)GPG 密钥按钮

  4. 在 "Key"(密钥)字段中,粘贴在生成 GPG 密钥时复制的 GPG 密钥。 密钥字段

  5. 单击 Add GPG key(添加 GPG 密钥)添加密钥按钮

  6. 要确认操作,请输入您的 GitHub 密码。