If you don't have a GPG key, run the following commands to generate one and use it for signing commits and tags.
sudo apt-get update && sudo apt-get install -y gpg
RSA and RSA
0as default value to not expire.
Yand Enter to confirm no expiration
O(capital o) and Enter
The output will be like this:
gpg: /root/.gnupg/trustdb.gpg: trustdb created gpg: key FD9D311F84732894 marked as ultimately trusted gpg: directory '/root/.gnupg/openpgp-revocs.d' created gpg: revocation certificate stored as '/root/.gnupg/openpgp-revocs.d/719559FDB16002AF97000BC6FD9D311F84732894.rev' public and secret key created and signed. pub rsa4096 2021-08-19 [SC] 719559FDB16002AF97000BC6FD9D311F84732894 uid username <firstname.lastname@example.org> sub rsa4096 2021-08-19 [E]
In the example it shows to be created under root user because the commands for this example are executed in a docker container. On your machine, it will be under your own user.
Use the following command to list the long form of the GPG key for which you have both a public and a private key
gpg --list-secret-keys --keyid-format=long
The output will be like:
gpg: checking the trustdb gpg: marginals needed: 3 completes needed: 1 trust model: pgp gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u /root/.gnupg/pubring.kbx ------------------------ sec rsa4096/FD9D311F84732894 2021-08-19 [SC] 719559FDB16002AF97000BC6FD9D311F84732894 uid [ultimate] MyName <email@example.com> ssb rsa4096/0B89B1E421856836 2021-08-19 [E]
Copy the gpg key id that you find it on the sec line which is
FD9D311F84732894. In your case will be a different one.
Run the following command with the key id selected
gpg --armor --export FD9D311F84732894
Copy your GPG key, beginning with
-----BEGIN PGP PUBLIC KEY BLOCK----- and ending with
-----END PGP PUBLIC KEY BLOCK-----.
Now, you can add your GPG key to your github account