Below are a few resources I need to explore later around using GPG, YubiKeys, Git commit signing, amongst other things:
- drduh/YubiKey-Guide: Guide to using YubiKey for GPG and SSH (github.com) – extremely comprehensive.
- Setting Up GPG on Windows (The Easy Way) | Tower Blog (git-tower.com)
- Signing GitHub Commits With YubiKey · Den Delimarsky
- Configure GPG to sign Git commits (in Windows) (neurotechnics.com)
- Managing commit signature verification – GitHub Docs
- Funtoo Keychain Project – Funtoo
Note: spent half an hour trying to figure out why I couldn’t sign a commit, even though encrypting some text worked (i.e. GPG itself was working) – it was because there was a typo in my git config for my name; all identifiers (username + email) must match exactly for signing to work.