Use gpg to sign git commits in eclipse

It seems to be a missing feature of EGit; you should probably suggest this enhancement to http://bugs.eclipse.org.


That should be possible with Eclipse 2019-03 (three years later), which includes EGit 5.3.0.

EGit 5.3.0 can sign commits with GPG.

Note: EGit 5.3.0 requires Eclipse Neon (4.6) or better.
So you can test it in your Eclipse, as long as it is Neon or more recent.

Screenshot of the EGit Staging View with the new "Sign commit" icon -- https://wiki.eclipse.org/images/9/9f/Egit-commit-sign.png

The new icon in the upper right will allow you to toggle commit signing on or off.

The default is read from the Git configuration.
If the config option commit.gpgsign is set to true, the button will be selected by default.
The value of user.signingkey will be used to determine the signing key.

  • If the value is unset, the email address of the committer will be used to look up the key.
  • If no key can be found, a commit will fail.

Keys will be looked up from your GPG keyring (either ~/.gnupg/pubring.kbx or ~/.gnupg/secring.gpg;
on Windows the directory %APPDATA%\gnupg is used—if it exists—instead of ~/.gnupg).

See the following GitHub help pages for help on GPG signing keys:

  • Generating a new GPG key
  • Telling Git about your signing key
  • Associating an email with your GPG key

Update 2022:

Since EGit 5.11 (Eclipse 2021-03) you can

  • sign commits with an external GPG installation: https://wiki.eclipse.org/EGit/New_and_Noteworthy/5.11#Using_GPG_to_Sign_Commits_and_Tags
  • verify commit signatures in the History view by clicking on a particular commit: https://wiki.eclipse.org/EGit/New_and_Noteworthy/5.11#Verifying_Commit_Signatures
  • there is an issue to highlight signed commits in the History view without clicking on a particular commit, like on GitHub: https://bugs.eclipse.org/bugs/show_bug.cgi?id=576307 (Status = NEW at the time of writing)

You can also automatically sign commits when you commit in Eclipse.

The following worked for me:

  1. Reference your GPG installation in the Eclipse preferences.
  2. Update your .gitconfig as follows:

Add your signing key (replace 0150436D9CD488B3; see https://docs.github.com/en/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key for how to find yours):

git config --global user.signingkey 0150436D9CD488B3

Add your GPG installation (replace the path):

git config --global gpg.program "C:\Program Files\Git\usr\bin\gpg.exe"

Set auto-sign to true:

git config --global commit.gpgsign true

Now the "Sign Commit" toggle button is toggled by default.
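
The lookup rules quoted in the answers above (commit.gpgsign sets the default, user.signingkey picks the key, the committer e-mail is the fallback, and no key means the commit fails) can be checked before committing. This is an added example, not part of any answer and not EGit's own code. Assumptions: the function names are hypothetical, the keyring listing is constructed, user.signingkey is matched only as a key ID or fingerprint, and treating expired or revoked keys as "not found" is this example's own choice.

```python
import re

# Constructed sample of `gpg --list-secret-keys --with-colons` output.
# 0150436D9CD488B3 is the placeholder key ID used on this page; no real keys.
SAMPLE = """\
sec:u:4096:1:0150436D9CD488B3:1600000000:::u:::scESC:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF0150436D9CD488B3:
uid:u::::1600000000::::Alice Dev <alice@example.org>:
sec:e:2048:1:1111222233334444:1400000000:1500000000::u:::sc:
fpr:::::::::0000000000000000000000001111222233334444:
uid:e::::1400000000::::Bob Old <bob@example.org>:
"""

GIT_TRUE, GIT_FALSE = {"true", "yes", "on", "1"}, {"false", "no", "off", "0", ""}
UNUSABLE = {"e", "r", "d", "i"}  # expired, revoked, disabled, invalid (field 2)

def signs_by_default(config):
    """True if commit.gpgsign is set to a Git 'true'; reject non-boolean values."""
    value = config.get("commit.gpgsign", "false").lower()
    if value not in GIT_TRUE | GIT_FALSE:
        raise ValueError(f"commit.gpgsign is not a boolean: {value!r}")
    return value in GIT_TRUE

def parse_secret_keys(listing):
    """Collect key ID, validity, capabilities, fingerprint and e-mails per secret key."""
    keys = []
    for line in listing.splitlines():
        f = line.split(":") + [""] * 12          # pad so short records index safely
        if f[0] == "sec":
            keys.append({"keyid": f[4], "validity": f[1], "caps": f[11],
                         "fpr": "", "emails": []})
        elif f[0] == "fpr" and keys and not keys[-1]["fpr"]:
            keys[-1]["fpr"] = f[9]               # first fpr after sec is the primary key's
        elif f[0] == "uid" and keys:
            keys[-1]["emails"] += [m.lower() for m in re.findall(r"<([^<>]+)>", f[9])]
    return keys

def resolve_signing_key(config, committer_email, keys):
    """user.signingkey first, else committer e-mail; no usable key is an error."""
    wanted = config.get("user.signingkey", "").upper()
    if wanted:
        found = [k for k in keys if k["fpr"].endswith(wanted)]
    else:
        found = [k for k in keys if committer_email.lower() in k["emails"]]
    usable = [k for k in found
              if k["validity"] not in UNUSABLE and "s" in k["caps"].lower()]
    if not usable:
        raise LookupError("no usable secret signing key: the signed commit would fail")
    return usable[0]["fpr"]
```

To run it against a real keyring, pass the output of `gpg --list-secret-keys --with-colons` to `parse_secret_keys` and the values from `git config --get` as the `config` dictionary.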
