Night Hour

Reading under a cool night sky ... 宁静沉思的夜晚 ...

Verifying the digital signature of the git commits

The instructions here assume that you are using a linux system like Ubuntu and helps you to verify the digital signature of my github projects at https://github.com/ngchianglin. First download a copy of my public key and then import it using gpg.

gpg --import key.pub

Verify that the imported key's fingerprint by running the following command.

gpg --fingerprint B51302D4

The displayed fingerprint should match the one shown here.

D6CF A4C1 A583 9EE9 4B35 FA5C 6630 4AB6 B513 02D4

After verification, you can optionally trust the imported public key by signing it with your own key. In this case, we will not be doing this. Clone the git repository if you have not already done so. Change into the cloned repository directory and run the following command.

git log -1 --show-signature

You should get a message saying

gpg: Good signature from "Ng Chiang Lin (Signing Key for Github Commits) <ngchianglin@users.noreply.github.com>"