This post aims at enabling you to sign your commits, sign past commits, removing accidental signatures and editing your config to do this with less active thought.
Within this post I presume you have set
user.name and thereby know of the global config file (.gitconfig in your $HOME) and the repo specific config (.git/config in your repository) overriding global settings. From that I will give you all you should need to know how to sign future commits and add signatures to commits you did before knowing how to sign them.
The benifit of signing your commits should be obvious to you once you set
user.name with some arbitrary string that someone decided to be your name. You can put anything in there, so merely looking at
git log gives you a mere fairy tale of who did some commit. To preserve proof to others and your future self wether or not you wrote some commit git is equipped to sign commits using GPG.
Setting the key to use
The relevant setting to know which key to use is
user.signingKey. So now your config should look something like this:
[user] email = firstname.lastname@example.org name = Bobby Fairytale signingKey = F348B9E7DD1CCE61A14E2C1D0A3AF5173C1DFE92
Now when you commit the default will for it not to be signed which you can override for a single commit using the
-S flag like this:
git commit -a -S -m"Bobby Fairytale is not my real name, but you can look at the signature to know it."
Making signed commits the default
But since at least during the same project you want all of your commits signed of course there is a way to make that default. For that set the setting
commit.gpgSign to true. So now your config looks like this:
[user] email = email@example.com name = Bobby Fairytale signingKey = F348B9E7DD1CCE61A14E2C1D0A3AF5173C1DFE92 [commit] gpgSign = true
Commiting unsigned against your new default
Now all your future commits will be signed, unless you actively do not by overriding the setting using the
-c flag that you can also use to override literally any setting for a single git command. So to commit unsigned now you will do like this:
git -c 'commit.gpgSign=false' commit -am'maybe I am Bobby Fairytale? You will never know, because I did not sign this commit.'
Adding Signature to past commits
Now you probably have some reposirories where you want to add your signature to your commits. I actually didn't do this myself yet, so you will have to take my hint at the first answer at https://superuser.com/questions/397149/can-you-gpg-sign-old-commits (answered Sep 13 '16 at 14:32) with a grain of salt. However I used their command
git commit --amend --no-edit -S to add a signature on the last commit on the branch you're currently at.
Undoing a signature
When you find yourself mistakeing wether you commited the changes you want signed, like I did, you may want to undo the signature, because the commit was someone else's. To do so again we will make use of the
-c flag like this:
git -c 'commit.gpgSign=false' commit --amend --no-edit.
So you see I did take the hints from StackOverflow, cross checked them with the man-page for git-commit and git-config but didn't use the part about rebasing so far. So as always with tutorials from the internet: use your own brain, cross check if possible, create a test system when not so. Be safe on your journey and happy signing.