And it wasn’t my fault.
Who’s fault was it then? Apple’s fault.
Background
Just yesterday, when I logged on to my computer, I tried to commit this commit in my favorite editor (Atom, of course).
But this is when everything went wrong: the pop-up requesting my GPG key password appeared.
There’s nothing wrong with it except that it shouldn’t have popped up: I had the password saved to my Keychain. I never had to worry about the password for a long time.
In fact, so long that I forgot the password.
Being the smart guy I am, I have set different passwords for different accounts. So that way when one account is compromised, others won’t be.
What was my emergency plan? It was a simple, well-thought out, very comprehensive solution: panic.
And so I deleted my old key (since it was useless to me), deleted it from GitHub (later on, we’ll see how I regret this particular step), created a new key, and uploaded that to GitHub.
The first commit signed with my new key was the commit said before.
Now, remember the step where I said I regretted it? The one where I deleted the old key from my GitHub account? Well, how come my old commits, say this one is still “verified”?
That’s because I recovered it.
The adventure
Did you know I have 2 computers? One of them was an old one and the other is my current one. What I did was simply this:
- Go to my old computer
- Run
gpg --armor --export E3D27A8B9487AA0Eand copy the output (I could’ve donegpg --armor --export E3D27A8B9487AA0E | pbcopybut shush: this still works) - Paste that into a new GPG key to GitHub. In other words, tell GitHub about it
Conclusion
In the future, I will need to remember my passwords better. At least I have an action plan now, better than “panic”.
Psst, I might make a blog post about how to sign your commits with GPG. Stay tuned, I guess