Git: How to Sign Commit with SSH or GPG Key?

Bruce Wen
10 min read · Jul 7, 2023

How do you let others trust you and your commits? This article gives the answer.

Git is cryptographically secure, but it’s not foolproof. If you’re taking work from others on the internet and want to verify that commits are actually from a trusted source, Git has a few ways to sign and verify work using GPG.

SSH-Key

Generate SSH Key

> ssh-keygen -t ed25519 -C "wenijinew@gmail.com"

Generating public/private ed25519 key pair.
Enter file in which to save the key (/home/wenijinew.ssh/id_ed25519): id_ed25519_github
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in id_ed25519_github
Your public key has been saved in id_ed25519_github.pub
The key fingerprint is:
SHA256:WdClfg4fzRTVuuLykusyTsdkze4O9uD3JC4vcTvNlQ0 wenijinew@gmail.com
The key's randomart image is:
+--[ED25519 256]--+
| .. .. ..o|
| ... ..|
| o .. |
| + o +E |
| S = = ooo|
| +.*o...o|
| . *===.. |
| .o+**=oo |
| ..++@Bo. |
+----[SHA256]-----+

📙 Keep in mind that, for security reasons, it’s better to set a “passphrase” than to leave it empty. If you did not set the passphrase when you created the private key, you can add it later with the command “ssh-keygen -p -f…
