Skip to main content

Adding a GPG key to your GitHub account

To configure your account on GitHub.com to use your new (or existing) GPG key, you'll also need the key to your account.

About addition of GPG keys to your account

To sign commits associated with your account on GitHub, you can add a public GPG key to your personal account. Before you add a key, you should check for existing keys. If you don't find any existing keys, you can generate and copy a new key. For more information, see "Checking for existing GPG keys" and "Generating a new GPG key."

You can add multiple public keys to your account on GitHub. Commits signed by any of the corresponding private keys will show as verified. If you remove a public key, any commits signed by the corresponding private key will no longer show as verified.

To verify as many of your commits as possible, you can add expired and revoked keys. If the key meets all other verification requirements, commits that were previously signed by any of the corresponding private keys will show as verified and indicate that their signing key is expired or revoked.

A verified commit whose key expired

サポートされているGPGキーのアルゴリズム

GitHubはいくつかのGPGキーアルゴリズムをサポートします。 サポートされていないアルゴリズムで生成されたキーを追加しようとすると、エラーが生じることがあります。

  • RSA
  • ElGamal
  • DSA
  • ECDH
  • ECDSA
  • EdDSA

When verifying a signature, GitHub extracts the signature and attempts to parse its key ID. The key ID is then matched with keys added to GitHub. Until a matching GPG key is added to GitHub, it cannot verify your signatures.

GPG キーの追加

  1. 任意のページの右上で、プロフィール画像をクリックし、続いてSettings(設定)をクリックしてください。

    ユーザバーの [Settings(設定)] アイコン

  2. In the "Access" section of the sidebar, click SSH and GPG keys.

  3. [New GPG key] をクリックします。 GPG キーボタン

  4. [Key] フィールドに、GPG キーを生成したときにコピーした GPG キーを貼り付けます。 キーフィールド

  5. [Add GPG key] をクリックします。 キーの追加ボタン

  6. 処理を確認するには、GitHubのパスワードを入力します。

参考リンク