From f34a619f1f21bb798c3e29959ae2dcbffae96d3d Mon Sep 17 00:00:00 2001 From: Natalia Portillo Date: Thu, 9 Jan 2020 22:43:03 +0000 Subject: [PATCH] Add guide to configure commit signing on Windows. --- CONTRIBUTING.md | 36 ++++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) create mode 100644 CONTRIBUTING.md diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md new file mode 100644 index 00000000..298ad158 --- /dev/null +++ b/CONTRIBUTING.md 
@@ -0,0 +1,36 @@ +# Contributing + +## Commit signature +For security reason we require all commits to be cryptographically signed. +This section explains how to setup the development environment for that purpose. + +### Visual Studio and Visual Studio Code for Windows +You need to install Git for Windows. It is available as a component of Visual Studio, or separately in https://gitforwindows.org. + +You also need to install Gpg4win from https://www.gpg4win.org. Ensure to select the Kleopatra component. + +Once you have them installed, open Kleopatra and generate a new key pair, of OpenPGP type, following the instructions [here](https://www.gpg4win.org/doc/en/gpg4win-compendium_12.html). +Save aside the fingerprint, you'll need it later. + +Now go to environment variables (in the properties of your computer) and add this to the path: +`C:\Program Files\Git\usr\bin` + +Finally, open Git Bash, and write the following commands if you want all git commits to be signed: +```bash +git config --global commit.gpgsign true +git config --global user.signingkey +git config --global gpg.program "C:\Program Files (x86)\GnuPG\bin\gpg.exe" +``` +or if you want the options to apply only for this project +```bash +cd /DRIVE/PATH_TO_PROJECT +git config commit.gpgsign true +git config user.signingkey FINGERPRINT +git config gpg.program "C:\Program Files (x86)\GnuPG\bin\gpg.exe" +``` + +replacing `FINGERPRINT` with the fingerprint you saved from the key generation, `DRIVE` with the drive letter and `PATH_TO_PROJECT` using `/` as path separator. + +Once this is done, every time you commit in VS / VSCode, a message box titled `pinentry-qt` will ask for the passphrase you set up earlier and sign the commit with your key. + +For GitHub to recognize your signature you need to follow the steps [here](https://help.github.com/en/github/authenticating-to-github/adding-a-new-gpg-key-to-your-github-account). \ No newline at end of file
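Review bot: In the first bash block (the `--global` variant), `git config --global user.signingkey` is missing its value, while the per-project block passes `FINGERPRINT` and the paragraph after the blocks tells the reader to replace that placeholder. Without an argument the command only reads the setting, so a contributor who follows the global path ends up with `commit.gpgsign true` and no signing key configured. Suggest changing the line to `git config --global user.signingkey FINGERPRINT`. Minor wording in the same hunk: "For security reason" should be "For security reasons", "how to setup" should be "how to set up", and the file ends without a trailing newline.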