gpg-signing

# Git GPG Signing

Comprehensive guidance for setting up, configuring, and troubleshooting GPG commit signing across all platforms.

## Table of Contents

- [Overview](#overview)
- [When to Use This Skill](#when-to-use-this-skill)
- [Quick Start](#quick-start)
- [Platform-Specific Setup](#platform-specific-setup)
- [Key Generation](#key-generation)
- [Git Configuration](#git-configuration)
- [Passphrase Caching](#passphrase-caching)
- [GitHub Integration](#github-integration)
- [Troubleshooting](#troubleshooting)
- [GPG Signing Methods Comparison](#gpg-signing-methods-comparison)
- [Security Best Practices](#security-best-practices)
- [Resources](#resources)
- [Related Skills](#related-skills)

## Overview

Git commit signing provides cryptographic proof that commits came from you. This skill helps you:

- Install and configure GPG tools on Windows, macOS, and Linux
- Set up commit signing with proper key management
- Configure passphrase caching for better workflow
- Troubleshoot common GPG signing issues
- Understand security trade-offs and best practices

## When to Use This Skill

This skill should be used when:

- Setting up GPG commit signing for the first time
- Configuring GPG tools (Gpg4win, GPG Suite, gnupg)
- Troubleshooting GPG signing errors ("gpg: signing failed", "inappropriate ioctl", etc.)
- Troubleshooting keyboxd daemon startup issues (Windows race condition)
- Determining which GPG installation Git is using
- Understanding Windows daemon startup behavior vs. official design
- Configuring passphrase caching to reduce prompts
- Understanding GPG vs SSH vs S/MIME signing methods
- Adding GPG keys to GitHub/GitLab/Bitbucket
- Resolving "Unverified" commits on GitHub
- Working with `.gnupg/gpg-agent.conf` configuration

## Quick Start

**Basic Setup (Single Personal Key):**

```bash
# 1. Install GPG (see Platform-Specific Setup below)

# 2. Generate key
gpg --full-generate-key
# Select: (9) ECC (sign and encrypt) → Curve 25519
# Expiration: 0 (no expi