Comprehensive guide to GPG commit signing. Set up, configure, and troubleshoot GPG commit signing. Fix GPG signing errors, configure passphrase caching, verify commit signatures. Use when working with Git commit signing, GPG keys, commit verification, signature verification, GPG configuration, or when encountering GPG signing errors. Covers Windows (Gpg4win), macOS (GPG Suite), Linux (gnupg), and WSL installation and setup.
View on GitHubJanuary 21, 2026
Select agents to install to:
npx add-skill https://github.com/melodic-software/claude-code-plugins/blob/main/plugins/git/skills/gpg-signing/SKILL.md -a claude-code --skill gpg-signingInstallation paths:
.claude/skills/gpg-signing/# Git GPG Signing
Comprehensive guidance for setting up, configuring, and troubleshooting GPG commit signing across all platforms.
## Table of Contents
- [Overview](#overview)
- [When to Use This Skill](#when-to-use-this-skill)
- [Quick Start](#quick-start)
- [Platform-Specific Setup](#platform-specific-setup)
- [Key Generation](#key-generation)
- [Git Configuration](#git-configuration)
- [Passphrase Caching](#passphrase-caching)
- [GitHub Integration](#github-integration)
- [Troubleshooting](#troubleshooting)
- [GPG Signing Methods Comparison](#gpg-signing-methods-comparison)
- [Security Best Practices](#security-best-practices)
- [Resources](#resources)
- [Related Skills](#related-skills)
## Overview
Git commit signing provides cryptographic proof that commits came from you. This skill helps you:
- Install and configure GPG tools on Windows, macOS, and Linux
- Set up commit signing with proper key management
- Configure passphrase caching for better workflow
- Troubleshoot common GPG signing issues
- Understand security trade-offs and best practices
## When to Use This Skill
This skill should be used when:
- Setting up GPG commit signing for the first time
- Configuring GPG tools (Gpg4win, GPG Suite, gnupg)
- Troubleshooting GPG signing errors ("gpg: signing failed", "inappropriate ioctl", etc.)
- Troubleshooting keyboxd daemon startup issues (Windows race condition)
- Determining which GPG installation Git is using
- Understanding Windows daemon startup behavior vs. official design
- Configuring passphrase caching to reduce prompts
- Understanding GPG vs SSH vs S/MIME signing methods
- Adding GPG keys to GitHub/GitLab/Bitbucket
- Resolving "Unverified" commits on GitHub
- Working with `.gnupg/gpg-agent.conf` configuration
## Quick Start
**Basic Setup (Single Personal Key):**
```bash
# 1. Install GPG (see Platform-Specific Setup below)
# 2. Generate key
gpg --full-generate-key
# Select: (9) ECC (sign and encrypt) → Curve 25519
# Expiration: 0 (no expi