11

I am having trouble signing commits. With the following git config:

user.name=Bob
user.email=[bob's email]
user.signingkey=ABCDEFGH
user.user=bob1
gpg.program=gpg2

I was told to include only the first eight characters of the secret key.

After staging, upon git commit -S -m "commit message", I receive the following errors:

error: gpg failed to sign the data
fatal: failed to write commit object

It seems that most users who encounter this error are on Macs and have some extra setup to do. But I'm on Kali Linux.

Any advice?

jww
  • 97,681
  • 90
  • 411
  • 885
pmcg521
  • 349
  • 1
  • 4
  • 15
  • [Gpg failed to sign the data fatal: failed to write commit object](https://stackoverflow.com/q/39494631/608639). `git commit -vvv -S ...` may provide more information. – jww Oct 15 '18 at 00:52
  • @jww that did not change the output for me at all. My Signing key was **simply expired**. – peter.babic Nov 28 '22 at 15:42

3 Answers3

24

I was told to include only the first eight characters of the secret key.

The value of user.signingkey is a key id identifying which key git should use when generating the signature.

There's a complete example in the official documentation that shows how this should work. If gpg --list-keys shows something like:

/Users/schacon/.gnupg/pubring.gpg
---------------------------------
pub   2048R/0A46826A 2014-06-04
uid                  Scott Chacon (Git signing key) <schacon@gmail.com>
sub   2048R/874529A9 2014-06-04

Then the key id is 0A46826A:

git config --global user.signingkey 0A46826A
larsks
  • 277,717
  • 41
  • 399
  • 399
  • 1
    Thanks, this helped. I misunderstood the key length. I was providing the first 8 because 2048R uses eight, while RSA4096 outputs a longer key. After cleaning the git config and setting the values with --global (specifying the full key), it worked! – pmcg521 Oct 15 '18 at 19:07
  • One of the missing nail. The other one, is the email associated with the `gpg` key should be verified by github. Go to your github profile and add this new email into your github profile, after which, github will send you a verification email and when you click the button from that email then your `gpg` key shall then be marked as verified. At first, I thought that doing a signed commit push to one of my repo will verify my `gpg` key but it didn't. Secondly, I also thought that publishing my `gpg` key to `keyserver.ubuntu.com` will verify my `gpg` key, but it didn't. – daparic Mar 19 '21 at 17:29
  • This is the only one that helps for me. I am using macOS with gpg2 and pinentry-mac. – sunsoft Jul 30 '21 at 03:14
7

Had the same problem using WSL (Ubuntu). Working solution for me was adding export GPG_TTY=$(tty) into ~/.bashrc, thanks to this answer.

amordo
  • 449
  • 5
  • 15
4

For those who followed the answer but could not make it work. There is a chance that you had tried other solutions and accidentally did this (which is for MacOSX, not Linux)

git config --global gpg.program=gpg2

You should only do that if you are using MacOSX. For Linux, you can fix it by unset-ing that entry first by running this command (because your system uses gpg NOT gpg2).

git config --global --unset gpg.program

Now you can follow the accepted answer in this page to tell Git to use your key.

Long
  • 1,482
  • 21
  • 33