Signing key with TortoiseGit and GitHub

[LudiusMaximus]

When I commit/push to my projects using TortoiseGit and my GitHub credentials, the commits are not attributed to my GitHub profile. I guess this is because I have not set up a signing key with TortoiseGit? (I assumed that my GitHub username and password would suffice to identify me but apparently this ist not the case…)

So I wanted to set up a key but I got confused.

Under TortoiseGit you can setup a Putty Key (.ppk) for each repository:

Capture.JPG831×586 60.2 KB

But when I create a keypair with puttygen.exe,

the public key starts with

---- BEGIN SSH2 PUBLIC KEY ----
Comment: “rsa-key-20180719”
AAAAB3NzaC1yc2EAAA…

and github will not accept this when I try to add a new SSH key:

Capture2.JPG1295×504 56.3 KB

On the other hand, when I generate a key pair as described on the GitHub Page with

ssh-keygen -t rsa -b 4096 -C "_your\[email protected]_"

I get a key pair, whose public key is accepted by GitHub, but the private key is not a .pkk file,

so I guess it would not be accepted by TortoiseGit as a “Putty Key” (did not try)?

How is this done the right way?

Thanks.

[lee-dohm]

A signing key won’t help associate commits with your GitHub account. What you need to do is set your user name and email address, and the email address must match one of the email addresses that you have configured for your GitHub account. See the GitHub help documentation and the Support Protips article Why is my commit associated with the wrong person? for further information.

[NoxFfred]

I had this same problem with the SSH keys. The original post is asking about commit attribution and the solution posted seems to address that.

However, I’d like to know if there is a solution to the SSH key problem itself. Is there a way to use SSH with TortoiseGIT and GitHub without having these key conflicts?

Thanks much for any advice anyone has!

[Nainoia-Inc-Admin]

Related question when trying to push to Github with TortioseGit. I have copied my public SSH into my Github account. And within TortioseGit I point to my SSH key. However, what is the Github URL supposed to be??? Please provide an example.

This doesn’t work…

ssh://[email protected]:>/Repository.git

[airtower-luna]

The scheme is [email protected]:user/repo.git. You can just click on the green “Code” button on your repository page and select “SSH” in the popup to get the exact URL.

[blounsbury-usbr]

I'm sure this is a no-no to resurrect an old thread, but I'm having essentially the same issue. Commits do not show up as Verified on Github when committing using TortoiseGit. If I commit from the command line it works.

My username and email is set correctly in Github and TortoiseGit.

Viewing the effective config from TortoiseGit everything seems fine. I have a user.signingkey and it is set to ssh.

Like I mentioned from the command line it works just fine.

Just can't figure out what needs set from the TortoiseGit side to get this working.

[jbostrus]

So I kind of feel bad to Necro this discussion again. But seeing as I didn't actually see a functional resolution listed yet, and I just came across this page, and I did finally get it working. I thought I would share.

So from the original answer, you would need the email and such in Tortoise to match GitHub. From there, the information from @blounsbury-usbr got me going in the right direction. Ultimately this GitHub page detailing setting up the client from the command line was necessary.

@LudiusMaximus original post noted that Puttygen produced a public file that wasn't suitable for GitHub. In Puttygen the UI has the rsa public key right there to copy/paste.

(dummy generated key just for the screenshot - not an actively used key)

In the post if using a Putty key in the UI there, it also would need to be set to use the GitHub SSH address not the https URL for the remote.

For the rest of this I personally ended up just doing it all from the command line because I couldn't find all the relevant settings in the TortoiseGit UI that easily. Afterwards I realized that the file path for the SSH public key can just be pasted into the Signing Key ID field on the Git settings page in the TortoiseGit UI. The other 2 settings listed below I couldn't find UI entries for. So they needed the command line or direct .gitconfig edits anyway.

1. First in GitHub add your public SSH key for signing. If you already have it for connection, you'll need to add it again and select signing. So it will be listed twice.
   
   

2. From a command line run

• git config --global gpg.format ssh
• git config --global user.signingkey /PATH/TO/.SSH/KEY.PUB
  This last one is what tells it to actually sign things.
• git config --global commit.gpgsign true

If you'd rather edit the Global .gitconfig directly you could do that too. The relevant changes to make would be

Under [user] add

	signingkey = /PATH/TO/.SSH/KEY.PUB

If you're on Windows replace any / with 2 \\ ie C:\\PATH\\TO\\.SSH\\KEY.PUB

Then add the following if they don't already exist

[gpg]
	format = ssh
[commit]
	gpgsign = true

so it would look something like this

And before I get spammed about how insecure it is to keep the key there, this is only to illustrate how it would look. That's not where I keep my keys.

If all was done correctly then after the next local commit and then push to GitHub you should have a nice green Verified on the commit.

[robross0606]

These steps do not appear to fully work in Windows. It keeps telling me the file doesn't exist at the provided path even when it does.