
This version of GitHub Enterprise Server was discontinued on 2024-09-25. No patch releases will be made, even for critical security issues. For better performance, improved security, and new features, upgrade to the latest version of GitHub Enterprise Server. For help with the upgrade, contact GitHub Enterprise support.

Adding a GPG key to your GitHub account

To configure your account on GitHub Enterprise Server to use your new (or existing) GPG key, you'll also need to add the key to your account.

About addition of GPG keys to your account

To sign commits associated with your account on GitHub Enterprise Server, you can add a public GPG key to your personal account. Before you add a key, you should check for existing keys. If you don't find any existing keys, you can generate and copy a new key. For more information, see Checking for existing GPG keys and Generating a new GPG key.

You can add multiple public keys to your account on GitHub Enterprise Server. Commits signed by any of the corresponding private keys will show as verified. If you remove a public key, any commits signed by the corresponding private key will no longer show as verified.

Screenshot of a list of commits. One commit is marked with a "Verified" label. Next to the label, a dropdown explains that the commit was signed and shows a timestamp of when it was signed.

To verify as many of your commits as possible, you can add expired and revoked keys. If the key meets all other verification requirements, commits that were previously signed by any of the corresponding private keys will show as verified and indicate that their signing key is expired or revoked.

Supported GPG key algorithms

GitHub Enterprise Server supports several GPG key algorithms. If you try to add a key generated with an unsupported algorithm, you may encounter an error.

  • RSA
  • ElGamal
  • DSA
  • ECDH
  • ECDSA
  • EdDSA

When verifying a signature, GitHub Enterprise Server extracts the signature and attempts to parse its key ID. The key ID is then matched with keys added to GitHub Enterprise Server. Until a matching GPG key is added to GitHub Enterprise Server, it cannot verify your signatures.
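The key-ID lookup described above, as an added example that is not GitHub's code: it reads the issuer key ID out of a binary v4 OpenPGP signature packet (RFC 4880 layout) and checks it against the key IDs registered on an account. The function names, the sample packet and the key IDs are constructed for illustration, and the ASCII armor that wraps a real commit signature is assumed to have been decoded already.

```python
def _length(buf, i):
    """Decode an OpenPGP variable-length field at buf[i]; return (length, next index)."""
    n = buf[i]
    if n < 192:
        return n, i + 1
    if n < 255:
        return ((n - 192) << 8) + buf[i + 1] + 192, i + 2
    return int.from_bytes(buf[i + 1:i + 5], "big"), i + 5

def _signature_body(pkt):
    """Strip the packet header; accept only a complete v4 Signature packet (tag 2)."""
    hdr = pkt[0]
    if hdr & 0xC0 == 0xC0 and not 224 <= pkt[1] < 255:    # new format, no partial length
        tag, (n, start) = hdr & 0x3F, _length(pkt, 1)
    elif hdr & 0xC0 == 0x80 and hdr & 3 != 3:             # old format, definite length
        tag, size = (hdr >> 2) & 0x0F, 1 << (hdr & 3)
        n, start = int.from_bytes(pkt[1:1 + size], "big"), 1 + size
    else:
        raise ValueError("unsupported packet header")
    if tag != 2 or n < 10 or start + n > len(pkt) or pkt[start] != 4:
        raise ValueError("not a complete v4 signature packet")
    return pkt[start:start + n]

def issuer_key_id(pkt):
    """Return the issuer key ID (16 hex digits) named in the signature, or None."""
    body, pos = _signature_body(pkt), 4       # skip version, sig type, pubkey/hash algo
    for _ in range(2):                        # hashed area, then unhashed area
        end, pos = pos + 2 + int.from_bytes(body[pos:pos + 2], "big"), pos + 2
        if end > len(body):
            raise ValueError("subpacket area overruns packet")
        while pos < end:
            n, pos = _length(body, pos)
            if n == 0 or pos + n > end:
                raise ValueError("malformed subpacket")
            kind, data = body[pos] & 0x7F, body[pos + 1:pos + n]
            if kind == 16 and len(data) == 8:                    # Issuer
                return data.hex().upper()
            if kind == 33 and len(data) == 21 and data[0] == 4:  # Issuer Fingerprint
                return data[-8:].hex().upper()                   # v4 key ID = low 64 bits
            pos += n
    return None

def match_account_key(pkt, account_key_ids):
    """Lookup step: the registered key ID the signature names, or None if not on file."""
    key_id = issuer_key_id(pkt)
    return key_id if key_id in account_key_ids else None

_body = (b"\x04\x00\x01\x08" b"\x00\x06\x05\x02\x5f\x00\x00\x00"
         b"\x00\x0a\x09\x10" + bytes.fromhex("0123456789ABCDEF") + b"\xab\xcd\x00\x08\xff")
SAMPLE_SIG = bytes([0x88, len(_body)]) + _body   # constructed packet, old-format header
```

A `None` result only means no registered key matches the ID the signature names; a match selects the public key to use, and the signature itself still has to be checked cryptographically against that key.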

Adding a GPG key

  1. In the upper-right corner of any page on GitHub, click your profile photo, then click Settings.
  2. In the "Access" section of the sidebar, click SSH and GPG keys.
  3. Next to the "GPG keys" header, click New GPG key.
  4. In the "Title" field, type a name for your GPG key.
  5. In the "Key" field, paste the GPG key you copied when you generated your GPG key.
  6. Click Add GPG key.
  7. If prompted, authenticate to your GitHub account to confirm the action.
