PCAP Download and GPG Keys to Download

Download and install the GPG command line tools for your operating system. It is commonly advisable to install the latest version for your operating system.

Checking for existing GPG keys

Prior to generating a GPG key, check to see if you have any existing GPG keys.

1. Open Git Bash.

2. Use the gpg --list-secret-keys --keyid-format=longcommand to display the long form of the GPG keys for which you have both a public and private key. Note that a private key is needed for signing tags or commits.

$ gpg --list-secret-keys --keyid-format=long

3. Verify the command output to detect if you have a GPG key pair.

• If there are no GPG key pairs or you do not want to use any that are available for signing commits and tags, simply generate a new GPG key.

Generating a new GPG key

If you don't already have a GPG key, you can generate a new GPG key to utilize for signing commits and tags.

Generating a GPG key

2. Open Git Bash.

3. Generate a GPG key pair. Because there are numerous GPG versions, you may have to refer to the applicable man page in order to locate the relevant key generation command. Note that the key must use RSA.

• If you are on version 2.1.17 or greater, paste the text below in order to generate a GPG key pair.

$ gpg --full-generate-key

• If you are not on version 2.1.17 or greater, the gpg -full-generate-key command will not work. Simply paste the text below and then jump to step 6.

$ gpg --default-new-key-algo rsa4096 --gen-key

4. Once at the prompt, determine the kind of key you would like, or simply press Enter to accept the default.

5. At the prompt, determine the key size that you would like, or press Enter to accept the default. Note that your key must be at least 4096 bits.

6. Enter the length of time the key should be valid. Press Enter to specify the default selection and signify that the key does not expire.

7. Validate that your selections are accurate.

8. Enter your user ID information.

   ---

   Note: When asked to enter your email address, ensure that you enter the verified email address for your GitHub account. If you would like to keep your email address private, use your GitHub-provided no-reply email address.

   ---

9. Create a secure passphrase.

10. Use the gpg --list-secret-keys --keyid-format=long command in order to list the long form of the GPG keys for which you have both a public and private key. Note that a private key is needed for signing commits or tags.

$ gpg --list-secret-keys --keyid-format=long

11. From the list of GPG keys, copy the long form of the GPG key ID that you would like to use. For this example, the GPG key ID is 3AA5C34371567BD2:

$ gpg --list-secret-keys --keyid-format=long
/Users/hubot/.gnupg/secring.gpg
------------------------------------
sec   4096R/*3AA5C34371567BD2* 2016-03-10 [expires: 2017-03-10]
uid                          Hubot 
ssb   4096R/42B317FD4BA89E7A 2016-03-10

12. Paste the text below, replacing with the GPG key ID that you would like to use. For this example, the GPG key ID is 3AA5C34371567BD2:

$ gpg --armor --export *3AA5C34371567BD2*
# Prints the GPG key ID, in ASCII armor format</SAMP>

13. Copy your GPG key, starting with -----BEGIN PGP PUBLIC KEY BLOCK-----and ending with -----END PGP PUBLIC KEY BLOCK-----.

14. Add the GPG key to your GitHub account.

Adding a new GPG key to your GitHub account

To configure your account on GitHub.com in order to use your new (or existing) GPG key, the key to your account is required.

1. In the upper-right corner of any page, click your profile photo and then click Settings.

2. In the user settings sidebar, click SSH and GPG keys.

3. Click New GPG key.

4. In the Key field, paste the GPG key that you copied when your GPG key was generated.

5. Click Add GPG key.

6. Enter your GitHub password to confirm the action.