713

I followed a few articles about the pretty attributes in the Git 2.10 release notes. While going through them, I upgraded Git to 2.10.0 and made changes to the global .gitconfig, resulting in the following:

[filter "lfs"]
    clean = git-lfs clean %f
    smudge = git-lfs smudge %f
    required = true
[user]
    name = xyz
    email = abc.def@gmail.com
    signingkey = AAAAAAA
[core]
    excludesfile = /Users/xyz/.gitignore_global
    editor = 'subl' --wait
[difftool "sourcetree"]
    cmd = opendiff \"$LOCAL\" \"$REMOTE\"
    path = 
[mergetool "sourcetree"]
    cmd = /Applications/SourceTree.app/Contents/Resources/opendiff-w.sh \"$LOCAL\" \"$REMOTE\" -ancestor \"$BASE\" -merge \"$MERGED\"
    trustExitCode = true
[alias]
    lg = log --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit --date=relative
[color "diff"]
    old = red strike
    new = green italic

But now that I try to sign my commits using

git commit -a -S -m "message"

I get to see the following error -

You need a passphrase to unlock the secret key for

user: "XYZ (Digitally Signed) "

2048-bit RSA key, ID AAAAAAAA, created 2016-07-01

error: gpg failed to sign the data
fatal: failed to write commit object

Note - I can still commit changes using git commit -a -m "message"

Is there a way to overcome this? Or is any change required in the gpg configs to get along with the Git upgrade?


Update 1

Also seeking further usefulness, following Is there a way to "autosign" commits in Git with a GPG key?. I've already configured the key using

git config --global user.signingkey ED5CDE14  # (with my key)
git config --global commit.gpgsign true

and quite obviously getting the same error anyway.

Community
Naman
  • 5
    I face a similar issue. I uninstalled Git 2.8 (git-scm) on Windows. And installed 2.10. Now I get `gpg failed to sign the data` every time I use `-S`. In 2.8, I can sign a commit without problem. I don't know what happened. – Illuminator Sep 16 '16 at 15:30
  • 11
    Adding `user.signingkey` fixed my issue, strangely enough. – Xavier Ho Mar 22 '17 at 03:34
  • Possible duplicates: https://stackoverflow.com/questions/41052538/git-error-gpg-failed-to-sign-data and https://stackoverflow.com/questions/41502146/git-gpg-onto-mac-osx-error-gpg-failed-to-sign-the-data – DrBeco Nov 19 '17 at 20:03
  • 3
    An irony, I'd changed my machine to set up things afresh and ended up looking for my own question and none of the suggested solution looks clean enough to me to just get started simply. – Naman Mar 15 '18 at 04:11
  • 60
    Try `gpgconf --kill gpg-agent` [as discussed here](https://superuser.com/a/1150399) – Lounge9 Mar 08 '19 at 22:38
  • 1
    For me fix was: git config `user.name` was != name used when creating PGP key – stacksonstacks Oct 23 '19 at 00:47
  • 16
    Make sure that `git config --get-all user.name` and `git config --get-all user.email` are same as key used for signing, which can be checked via `gpg -K --keyid-format SHORT` – Max Vorobjev Apr 16 '20 at 15:13
  • I had to make sure [GPG Suite](https://gpgtools.org/) was downloaded for `git config --global user.signingkey` to work. – Tanner Dolby Dec 04 '20 at 10:58
  • In my case, I use GPG Keychain on macOS. I opened it up and my primary key had expired a couple days ago. It prompted me to extend it. I did that and retried the commit and it worked flawlessly. – Joshua Pinter May 31 '21 at 14:59
  • In my case, I use GPG Keychain on macOS, and `~/.gnupg` is a symbolic link to my streaming Google Drive (`/Volumes/Google Drive/...`). Switching Google Drive to mirroring mode fixed it. The clue was `gpg-agent --daemon` → `error binding socket to '/Users/cunnie/.gnupg/S.gpg-agent': Operation not supported` – Brian Cunnie Nov 03 '21 at 00:29
  • 1
    The irony is that the question asked around 6 years ago (2016), is still valid & applicable in 2022. – Rewanth Tammana Nov 01 '22 at 14:47
  • `gpgconf --kill gpg-agent` worked for me on Ventura. Thanks – james-see Jan 17 '23 at 18:29
  • also ensure your gpg key has not expired recently – radistao Feb 09 '23 at 12:48

51 Answers

932

I ran into this issue with macOS.

Original answer:

It seems like a gpg update (of brew) changed the location of gpg to gpg1; you can change the binary where git looks up gpg:

git config --global gpg.program gpg1

If you don't have gpg1: brew install gpg1.

Updated answer:

It looks like gpg1 is being deprecated/"gently nudged out of usage", so you probably should actually update to gpg2, unfortunately this involves quite a few more steps/a bit of time:

brew upgrade gnupg  # This has a make step which takes a while
brew link --overwrite gnupg
brew install pinentry-mac
echo "pinentry-program $(brew --prefix)/bin/pinentry-mac" >> ~/.gnupg/gpg-agent.conf
killall gpg-agent

The first part installs gpg2, and the latter is a hack required to use it. For troubleshooting, see this answer (though that is about Linux, not brew); it suggests a good test:

echo "test" | gpg --clearsign  # on linux it's gpg2 but brew stays as gpg

If this test is successful (no error/output includes PGP signature), you have successfully updated to the latest gpg version.

You should now be able to use git signing again!
It's worth noting you'll need to have:

git config --global gpg.program gpg  # perhaps you had this already? On linux maybe gpg2
git config --global commit.gpgsign true  # if you want to sign every commit

Note: After you've run a signed commit, you can verify it signed with:

git log --show-signature -1

which will include gpg info for the last commit.

grg
Andy Hayden
  • 9
    Setting gpg.program to /usr/local/bin/gpg (no "1") fixed it for me. – Iskar Nov 22 '16 at 09:31
  • @nullpointer apologies, only just saw the second comment. Looks like this is discussed [on github](https://github.com/Homebrew/brew/issues/708#issuecomment-239627010), the long and short of it seems to be: it was in the caveats, no-one reads the caveats! – Andy Hayden Nov 25 '16 at 02:35
  • 5
    It seems an update of `gnupg2` with `brew` messed with symlinks thus `gpg` was removed, I had fix links using `brew link --overwrite gnupg2`. – bric3 Jan 12 '17 at 13:43
  • `brew install gpg1` to install gpg1 – Dorian Feb 22 '17 at 06:51
  • @Dorian why did you delete the reference to the medium blog post? – Andy Hayden Feb 22 '17 at 07:34
  • 8
    hm... doesn't work. still gives my error with signing in xcode. – Albert T. Wong Mar 30 '17 at 02:26
  • This answer from 2016 should be upgraded. It is better now to use `git config --global gpg.program gpg` , which links just fine to gpg2 – DrBeco Nov 19 '17 at 18:52
  • 1
    @DrBeco isn't that the original location/behavior? I still have the same issue on osx (I think I have updated my brew fairly recently), `gpg1` is the still exported executable. – Andy Hayden Nov 19 '17 at 19:13
  • Hum... Maybe it is a OSX thing. Mine (debian) is working fine (not before I hit my head in many bricks). Well, let it as it is, or if in the future you come up with some definite solution, it is always better to use the latest versions of gpg (or any software btw). – DrBeco Nov 19 '17 at 19:48
  • @DrBeco ah, interesting, so [gpg1 is being "gently nudged out of usage"](https://github.com/Homebrew/brew/issues/708#issuecomment-239625115), I will look into this and update the answer accordingly. – Andy Hayden Nov 19 '17 at 20:23
  • 1
    It's working for me, and I use the gpg2, now. ```git config --global gpg.program gpg2``` – Chu-Siang Lai Jan 07 '18 at 13:38
  • 1
    For me, all I had to do was `brew reinstall pinentry-mac` (and `killall gpg-agent` and do a test sign with `echo "test" | gpg --clearsign`), because somehow it could not do its job. – Erik May 02 '18 at 08:51
  • 123
    `killall gpg-agent && gpg-agent --daemon --use-standard-socket --pinentry-program /usr/local/bin/pinentry` finally fixed it for me – Dan Bechard Sep 27 '18 at 00:06
  • Im on mac and I had to do `echo no-tty >> ~/.gnupg/gpg.conf` to fix this – Pasan W. Oct 15 '18 at 06:48
  • 1
    I just want to say that it is only working if used system /usr/bin/git and not works with git installed via brew – IGHOR Jan 28 '19 at 16:04
  • First make sure you've imported your gpg key to your newly installed machine. – Anwar Sep 04 '19 at 06:20
  • 2
    With the `echo "test" | gpg --clearsign` I'm getting `gpg: signing failed: Inappropriate ioctl for device` – Aaron Franke Sep 06 '19 at 20:45
  • 12
    It only worked with me when i used the short ID `git config --global user.signingkey ` . – Mohamed Hashem Oct 26 '19 at 16:54
  • I also issued some problems (MacOS) after all operations. If so, plz refer this comment https://github.com/keybase/keybase-issues/issues/2798 – Xentatt Jan 04 '20 at 22:36
  • 2
    I only did `killall gpg-agent` and the problem was gone. Thanks @DanBechard – Sergey Alekseev Apr 23 '20 at 10:45
  • @DanBechard how to make this survive a reboot? – blackjacx May 04 '20 at 16:18
  • @blackjacx it survives reboot for me, but you could schedule a cron job to run at startup. – Dan Bechard May 05 '20 at 22:50
  • 2
    As of Catalina (11.1) the homebrew formula for `gpg` is identical to `gpg2`. I suspect `gpg2` is being retained for backwards compatibility. You might want to update your answer – jwm Feb 15 '21 at 20:02
  • 3
    I solved it. Instructions are right overall. The problem is in the line `echo "pinentry-program /usr/local/bin/pinentry-mac" >> ~/.gnupg/gpg-agent.conf` — before blindly copy-pasting, check yourself, where is executable "`pinentry-mac`" located. It's done via `which`: `which pinentry-mac`. On my M1 mac mini, it's `/opt/homebrew/bin/pinentry-mac`! So, edit that `~/.gnupg/gpg-agent.conf`, for example using sublime text: `subl ~/.gnupg/gpg-agent.conf` and edit accordingly, like in my case: `pinentry-program /opt/homebrew/bin/pinentry-mac`. That solved the problem for me. – revelt Jul 15 '21 at 19:17
  • Doesn't work. Now I'm being prompted for a pin. I've never had a pin, and I've never needed to enter anything like a pin to commit before, so I still can't commit. You never explain why `pinentry` is required at all. – XanderStrike Jul 27 '21 at 23:01
  • Adding to the fun here. I had to add the email of the parent key (my signing key is a subkey) as opposed to using the keygrip which is how I have it set-up on Linux. – vhs Feb 17 '22 at 10:07
  • When I remove `~/.gnupg` and configure a new key it's solved for me. – Rafael Monteiro Porto Jun 06 '22 at 21:30
  • In MacOs the one that worked for me was `git config --global gpg.program gpg2` – Yor Jaggy Jun 09 '23 at 20:30
  • Updated answer worked exactly as expected for me. Thank you! – greatgumz Jun 16 '23 at 01:08
  • I already had GPG on my Windows PC, and `gpg --list-keys` would successfully list my key **in Git Bash** (not in the standard Windows Command Line), however, GitHub Desktop wasn't working for me. The solution was to add Git's GPG binary to my PATH variable. So I added `C:\Program Files\Git\usr\bin` to the PATH, and GitHub Desktop began working. If you have Git installed on your PC, you likely already have GPG installed at: `C:\Program Files\Git\usr\bin\gpg.exe`. – Raphael Setin Jun 26 '23 at 23:09
736

If gnupg2 and gpg-agent 2.x are used, be sure to set the environment variable GPG_TTY.

export GPG_TTY=$(tty)

See GPG’s documentation about common problems.

Koraktor
  • 47
    If using fish, put `set -x GPG_TTY (tty)` on your profile. – fasfsfgs Jul 23 '17 at 01:24
  • @StuartCardall What is the point of the chown command? Typically it will have already been assigned to you by a system process, when you logged in or created the pseudo-tty. If it's owned by someone else and you're not root, it will fail. If the group is something else, it probably doesn't matter, and users will typically not be in group tty. – poolie Nov 12 '17 at 19:17
  • @poolie - it matters if you `su` to `root` on a remote server – Stuart Cardall Nov 12 '17 at 20:31
  • 19
    I added the variable to `~/.zshrc` and I can make commits again, now that it connects correctly to the terminal. Thanks for all your help! – Alex Gurrola Nov 16 '17 at 23:27
  • This is also in the GitHub instructions: https://help.github.com/articles/telling-git-about-your-gpg-key/ – bonh Nov 17 '17 at 04:19
  • How to remember this export, so I don't need to execute this command every time? – schellingerht Jun 18 '18 at 20:31
  • This has had me chasing my tail for weeks! Sometimes it works, others it doesn't! This was the key to making it work reliably! Thank you! – Gargravarr Jun 22 '18 at 17:59
  • I ran this command and it still doesn't work, I'm using Bash and GPG 2.2.4. – Aaron Franke Sep 17 '19 at 14:09
  • 20
    This is what I needed for WSL2. – Theodore R. Smith Jul 28 '20 at 23:50
  • This worked for me with `gpg (GnuPG) 2.2.23` installed using `brew install gpg`. – neilm Oct 28 '20 at 14:36
  • 15
    `zsh` users with Powerlevel10k with Instant Prompt enabled beware, you might end up with a `not a tty` value: https://unix.stackexchange.com/a/608921/5095. A quick workaround is to just use a much faster and safer (in the context of Zsh): `export GPG_TTY=$TTY`. – Igor Klimer Nov 24 '20 at 21:04
  • JFI: Please check if the terminal has enough space to display passphrase input. I had the same issue where in VSCode I made the terminal smaller and then committing would fail with the same error because passphrase input was not able to be displayed. – Mr.Online Feb 03 '23 at 06:17
468

GIT_TRACE=1 shows what git is actually doing:

$ GIT_TRACE=1 git commit -m "example commit message"
20:52:58.902766 git.c:328               trace: built-in: git 'commit' '-vvv' '-m' 'example commit message'
20:52:58.918467 run-command.c:626       trace: run_command: 'gpg' '--status-fd=2' '-bsau' '23810377252EF4C2'
error: gpg failed to sign the data
fatal: failed to write commit object

Now run the failing command manually:

$ echo "dummy" | gpg -bsau 23810377252EF4C2
gpg: skipped "23810377252EF4C2": Unusable secret key
gpg: signing failed: Unusable secret key

Turns out that my key was expired, and git was not to blame.

Mateen Ulhaq
Bombe
  • 15
    This actually helped me solve my own problem, and it's a solution for every type of problem with this status message. +1 – xHocquet Dec 06 '17 at 17:17
  • Thanks for the debugging walk through. My key was expired as well. – Sgnl Dec 21 '17 at 22:18
  • 5
    Thanks! This led me to my problem. Strangely enough my local `.git/config` had a `name` specified in one project that did not match my signing email. That was enough to reject it. – kross Jan 24 '18 at 20:11
  • 28
    Well, executing `gpg -bsau ` on my machine doesn't execute anything. Is this suppose to take too long to execute? Or does that mean the key is fine to be used? @VonC any insights? – Naman Mar 15 '18 at 04:03
  • @nullpointer It depends on your version of Git and your PATH. Try the same command with a simplified PATH (as in https://stackoverflow.com/a/49248983/6309), for testing. – VonC Mar 15 '18 at 07:07
  • 3
    I get `secret key not available` – Dorian Apr 20 '18 at 08:30
  • 14
    If your key was expired, you can renew it following the instructions here: https://stackoverflow.com/a/43728576/2635190 – Constablebrew Apr 23 '18 at 17:27
  • 1
    I had a similar problem to @kross. My git is configured with `Aaron Meurer ` but somehow my gpg key got generated with `Aaron S. Meurer `. Adding `Aaron Meurer ` to my gpg key and setting it as the primary fixed the problem. – asmeurer Jul 02 '18 at 18:11
  • I get `gpgsm: can't sign using '...': No public key`. Any ideas please? – Victor Jan 20 '19 at 22:22
  • Thanks for sharing, I was able to check my secret has not been imported properly – gonzalesraul Sep 19 '19 at 09:36
  • 7
    This is the only correct answer. Better to know what's going on than to try a million different possible solutions blindly – Samie Bencherif Dec 21 '19 at 01:17
  • I also got this exact error but my keys are not expired. Turns out I had to put my GPG key into github as well – PPP Jul 03 '20 at 04:34
  • 3
    Thank you! Fixed it for me. My gpg agent was a point release behind running gpg so it was bawking. Running the advised `gpgconf --kill all` worked perfectly. Thanks! – Othyn Aug 31 '21 at 14:34
  • 2
    best answer! for me, it was a fresh GPG setup so enabling GIT_TRACE led me to `No secret key` After I ran `git config --global user.signingkey` I was then able to sign my commit. THANK YOU – nxmohamad Apr 24 '22 at 01:33
  • @Dorian I had the same issue. Turns out I didn't set my git config email. As @asmeurer stated, make sure your git email (if it's set, you'll see a `user.email` line in `git config --list`) matches your gpg email (listed in `gpg --list-secret-keys`). – Matt Popovich Jun 21 '22 at 02:19
  • This answer helps a lot of git issues. One will get to know what is exactly being failed. – Panchakshari Puranmatt Jan 05 '23 at 11:15
  • @Naman Try `echo "hello world" | gpg -bsau `. – Mateen Ulhaq Jan 11 '23 at 03:35
  • 1
    answers like this <3 – inquisitive Aug 31 '23 at 13:36
224

Follow the URL below to set up signed commits: https://help.github.com/en/articles/telling-git-about-your-signing-key

If you are still getting gpg failed to sign the data fatal: failed to write commit object

this is not an issue with git, it is an issue with GPG. Follow the steps below:

  1. gpg --version
  2. echo "test" | gpg --clearsign

if it is showing:

gpg: signing failed: Inappropriate ioctl for device
gpg: [stdin]: clear-sign failed: Inappropriate ioctl for device

  3. then use export GPG_TTY=$(tty)

  4. then try echo "test" | gpg --clearsign again, in which a PGP signature is produced.

  5. git config -l | grep gpg

gpg.program=gpg
commit.gpgsign=true

  6. apply git commit -S -m "commitMsz"
erhun
jayesh
  • 31
    `export GPG_TTY=$(tty)` was the trick. Added that to my `.zshrc` file – Shane Stillwell Mar 28 '20 at 02:56
  • 3
    Success with Ubuntu 20.04. Thanks! This wasn't the first Answer to offer `export GPG_TTY=$(tty)`. The difference here is that @jayesh also offered a test and nothing about gpg2, fish, or brew which are not related (?) to anything in Ubuntu. This is also a more recent answer, which for my purposes means at this moment this answer might be better than those that are a couple years old. So good job on this short, effective, and up-to-date posting. – TonyG Dec 07 '20 at 01:04
  • 2
    I confirm this works on WSL2! In Git Bash I didn't need to do this configuration i. e. The GUI appeared naturally. However, in WSL2, despite having GUI support via an X server, it didn't work without `export GPG_TTY=$(tty)`. This worked beautifully. – Param Siddharth Aug 10 '21 at 18:10
  • Saved the day with `export GPG_TTY=$(tty)`! Confirmed on `Kali ARM 5.4.83-Re4son-v7l+` and `gpg (GnuPG) 2.2.27`. – Kamil Gierach-Pacanek Aug 28 '21 at 18:37
  • 2
    SAVED MY DAY (AND NIGHT). Can you tell what export GPG_TTY=$(tty) means? – Aji Saputra Raka Siwi Sep 28 '21 at 16:07
  • for any body who face the issue that he/she want to enter this command in every new session you can add this step 3. and step 4 line in .bashrc – MURHAF AL-MSRI Oct 26 '21 at 11:41
  • I confirm step 3 fixes the issue on Ubuntu 20.04 on WSL2. Also, if you have `commit.gpgsign=true` in `git config`, then the `-S` flag in `git commit -S -m "commitMsz"` does not seem to be necessary for the commit to be signed. Thanks! – Leobeeson Oct 24 '22 at 20:50
170

I've DONE it through this short and easy recipe:

Auto-sign commits on macOS (Globally and with different IDEs):

Get your signingkey in this way.

brew install gnupg gnupg2 pinentry-mac
git config --global user.signingkey <YOUR_SIGNING_KEY>
git config --global commit.gpgsign true
git config --global gpg.program gpg

Put the following in gpg.conf file (edit file with nano ~/.gnupg/gpg.conf command):

no-tty

Put the following in gpg-agent.conf file (edit file with nano ~/.gnupg/gpg-agent.conf command):

pinentry-program /usr/local/bin/pinentry-mac

Update:

As suggested in the comments, you might need to execute the killall gpg-agent command after editing the configuration file, gpg.conf. Needless to say, this command will terminate the GPG (Gnu Privacy Guard) agent.

Shayan Amani
  • 4
    Can you also explain what those commands are doing? It will help with understanding. – Just The Highlights Jan 27 '19 at 21:48
  • 21
    I also had to run a `killall gpg-agent` after setting the config files, then it worked! – Pasukaru Apr 03 '19 at 12:27
  • How do we know we can trust the people behind `pinentry-mac`? I don’t say we can’t, but the GPGTools org is backup by a very small team and the repo has only 5 contributors vs using `brew install gnupg` which leverages the work of https://gnupg.org/. – sunknudsen Oct 22 '19 at 19:12
  • 1
    In case it helps others, my issue was that I had an invalid local `user.signingkey` set, which I didn't notice in my sourcetree configuration, nor my global settings (because I didn't think to look at local config) Ensure both local (`git config --local --get user.signingkey`) and global (`git config --global --get user.signingkey`) are the same, or even better, unset the local one if it is invalid (`git config --local --unset user.signingkey`) – Glenn 'devalias' Grant Nov 25 '19 at 01:25
  • on OSX (10.13.06), it gives the following error, bash: pinentry-program: command not found – cgl Nov 25 '19 at 21:56
  • 11
    On Apple Silicon with native brew, the path to `pinentry-mac` will be `/opt/homebrew/bin/pinentry-mac` – David Gay Jan 05 '21 at 15:48
  • Had the same problem moving from mac to Ubuntu. Make sure on Ubuntu you use `gpgconf --kill gpg-agent` to restart the gpg agent and adjust the path to pinentry to `/usr/bin/pinentry` – René Pardon Feb 23 '21 at 06:29
  • If the `killall gpg-agent` does not work, simply restart your computer. – ksinkar Feb 05 '22 at 13:34
  • This still works in 2022! Would be nice if someone could explain why pinentry is needed. – SW_user2953243 Apr 07 '22 at 14:32
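
The `pinentry-program` line that this answer and the first answer put into `~/.gnupg/gpg-agent.conf` is a common point of failure: the Homebrew prefix differs between machines, and re-running the `echo ... >>` command appends a second entry. The script below is an added example, not code from the answers; `check_pinentry_conf` and `gpg_tty_status` are hypothetical helper names, and the sample config is constructed, with `/bin/sh` standing in for an installed pinentry.

```sh
#!/bin/sh
# Added example; function names and the sample config are constructed.

# Read gpg-agent.conf text on stdin and print one line per pinentry-program
# entry: "ok <path>" or "not-executable <path>", followed by
# "duplicate-entries <n>" when more than one entry is present.
# Prints "default-pinentry" when there is no entry at all, in which case
# gpg-agent falls back to its built-in default pinentry.
check_pinentry_conf() {
    entries=$(sed -n -e 's/[[:space:]]*$//' \
                     -e 's/^[[:space:]]*pinentry-program[[:space:]]\{1,\}//p')
    [ -n "$entries" ] || { echo "default-pinentry"; return 0; }
    printf '%s\n' "$entries" | while IFS= read -r path; do
        # -f follows symlinks, which is how Homebrew exposes its binaries.
        if [ -f "$path" ] && [ -x "$path" ]; then
            echo "ok $path"
        else
            echo "not-executable $path"
        fi
    done
    count=$(printf '%s\n' "$entries" | wc -l | tr -d ' ')
    if [ "$count" -gt 1 ]; then echo "duplicate-entries $count"; fi
    return 0
}

# Classify a GPG_TTY value. `tty` prints the literal text "not a tty" when
# stdin is not a terminal, and that text is what gets exported in that case.
gpg_tty_status() {   # $1 = value of GPG_TTY
    case $1 in
        "")          echo "unset" ;;
        "not a tty") echo "not-a-tty" ;;
        *)           if [ -c "$1" ]; then echo "ok"; else echo "no-such-device"; fi ;;
    esac
}

# Constructed sample: a config appended to twice. The first path does not
# exist; /bin/sh is only a stand-in for a pinentry that is really installed.
SAMPLE_CONF='default-cache-ttl 600
# pinentry-program /usr/bin/pinentry-curses
pinentry-program /usr/local/bin/pinentry-not-installed
pinentry-program /bin/sh'

# Live use:
#   check_pinentry_conf < ~/.gnupg/gpg-agent.conf
#   gpg_tty_status "$GPG_TTY"
```

A `not-executable` or `duplicate-entries` line means the file should be edited down to a single entry pointing at the path reported by `which pinentry-mac`, followed by `gpgconf --kill gpg-agent`.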
119

It may help to kill the gpg-agent process, which might be stuck with old data, so that the newly started gpg-agent asks for the password.

Naman
MaximKostrikin
52

To anybody who is facing this issue on MacOS machines, try this:

  1. brew uninstall gpg
  2. brew install gpg2
  3. brew install pinentry-mac (if needed)
  4. gpg --full-generate-key Create a key by using an algorithm.
  5. Get generated key by executing: gpg --list-keys
  6. Set the key here git config --global user.signingkey <Key from your list>
  7. git config --global gpg.program $(which gpg)
  8. git config --global commit.gpgsign true
  9. If you want to export your Key to GitHub then: gpg --armor --export <key> and add this key to GitHub at GPG keys: https://github.com/settings/keys (with START and END line included)

If the issue still exists:

test -r ~/.bash_profile && echo 'export GPG_TTY=$(tty)' >> ~/.bash_profile

echo 'export GPG_TTY=$(tty)' >> ~/.profile

If the issue still exists:

Install https://gpgtools.org and sign the key that you used by pressing Sign from the menu bar: Key->Sign

If the issue still exists:

Go to your global .gitconfig file, which in my case is at /Users/gent/.gitconfig, and modify it (please make sure the email and name are the same as the ones you used when generating the key):

[user]
    email = gent@youremail.com
    name = Gent
    signingkey = <YOURKEY>
[gpg]
    program = /usr/local/bin/gpg
[commit]
    gpsign = true
    gpgsign = true
[filter "lfs"]
    process = git-lfs filter-process
    required = true
    clean = git-lfs clean -- %f
    smudge = git-lfs smudge -- %f
[credential]
    helper = osxkeychain
Gent
  • 2
    Adding 'gpsign = true' in .gitconfig fixed it for me – Pierre Jun 05 '19 at 05:38
  • I had to run 'gpg-agent --daemon' and that fixed it for me (OS X, brew). – James Young Dec 05 '21 at 21:02
  • For the GitHub client on Windows it works! After configuring and adding the gpg key (in *git bash*) you have to set the *gpg* path *program = C:\\Program Files\\Git\\usr\\bin\\gpg.exe* in the git config; you can find the details at https://gist.github.com/xavierfoucrier/c156027fcc6ae23bcee1204199f177da – Sergio Perez Feb 23 '23 at 06:46
  • The `signingkey` was what I was missing in mine. Because I didn't have this, it was using my name and email from the config. I ran `gpg --list-secret-keys --keyid-format=long` to get my signing key (the sequence of alphanumeric characters after the `/` on the `sec` line). I then ran `git config --global user.signingkey ` replacing `` with what I got in the first step and my commits are now being signed – Samuel Slade Apr 13 '23 at 19:41
  • 1
    Worked perfectly. This should be accepted answer. – Ani Jul 20 '23 at 12:45
46

My two cents here:

When you create and add a key to gpg-agent you define something called passphrase. Now that passphrase at some point expires, and gpg needs you to enter it again to unlock your key so that you can start signing again.

When you use any other program that interfaces with gpg, gpg's prompt to you to enter your passphrase does not appear (basically gpg-agent when daemonized cannot possibly show you the input dialog in stdin).

One of the solutions is gpg --sign a_file.txt then enter the passphrase that you have entered when you created your key and then everything should be fine (gpg-agent should automatically sign)

See this answer on how to set longer timeouts for your passphrase so that you do not have to do this all the time.

Or you can completely remove the passphrase with ssh-keygen -p

Edit: Do a man gpg-agent to read some stuff on how to have the above happen automatically and add the lines:

GPG_TTY=$(tty)
export GPG_TTY

to your .bashrc if you are using bash (this is the correct answer but I am keeping my train of thought above as well), then source your .bashrc file or log in again.

George Daramouskas
  • This solved my problem. Using `GIT_TRACE=1 git commit` as suggested somewhere did not yield any useful information so it was difficult to figure out what's wrong. – evgeni tsvetanov Jan 04 '23 at 19:58
36

I've seen similar answers, but nothing exactly like what worked for me. On Linux, I had to kill and restart my gpg-agent with:

$ pkill gpg-agent
$ gpg-agent --daemon
$ git commit ...

This did the trick for me. It looks like you do need to have user.signingkey set to your private key as well from what some other comments are saying.

$ git config --global user.signingkey [your_key_hash]
Engineero
  • 2
    This worked for me on MacOS 10.15.6 with gpg (GnuPG) 2.2.23 installed from brew. Thanks for the tip! – Jimmie Tyrrell Sep 04 '20 at 22:11
  • this signingkey is from where? github/codecommit etc? – Jamie Hutber Feb 21 '23 at 13:16
  • @JamieHutber you have to create your own signing key and add it to GitHub. You can follow the GitHub docs here: https://docs.github.com/en/authentication/connecting-to-github-with-ssh/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent – Engineero Feb 22 '23 at 17:33
  • I didn't realise you need to add them to github... got you. Though i'm using codecommit on AWS – Jamie Hutber Feb 25 '23 at 22:30
  • @JamieHutber there should be a way to add the key to AWS as well. You follow similar instructions to create it and then you'll need to work with your admin or do some searching online to figure out how to add it to your profile on AWS. I am not as familiar with that setup. – Engineero Mar 01 '23 at 19:32
28

I get that error every time I logout then login again on my macOS. The solution is just a simple single command:

killall gpg-agent

I think it's just an error from gpg-agent; kill it and then it works again.

Muhammad Dyas Yaskur
27

On OS X, using gnupg2 via brew I just had to kill the gpg agent, happens sometimes:

pkill -9 gpg-agent

And set the env variable if needed:

export GPG_TTY=$(tty)

See Common GPG problems also and this answer here too.

trainoasis
19

The git trace was very revealing for my situation...

   GIT_TRACE=1 git commit -m "a commit message"
   13:45:39.940081 git.c:344               trace: built-in: git commit -m 'a commit message'
   13:45:39.977999 run-command.c:640       trace: run_command: gpg --status-fd=2 -bsau 'full name <your-email@domain.com>'
   error: gpg failed to sign the data
   fatal: failed to write commit object

I needed to generate an initial key per the format that git was checking against. It's best to copy the value passed to -bsau above in the logs as is and use below.

So it becomes,

   gpg --quick-generate-key "full name <your-email@domain.com>"

Then it worked.

Muhammad Dyas Yaskur
phyatt
  • 2
    mate...you cannot image how many hours i spent trying to sort this out until i reached your Answer ... it was the naming of the key all along .. thank you! thank you! thank you! – giomanda May 11 '20 at 22:15
  • https://superuser.com/a/1360557/144977 – phyatt Mar 21 '22 at 18:53
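
Both `GIT_TRACE=1` answers on this page (the expired key ID case and the `full name <email>` case directly above) come down to the same two questions: which signer did git hand to `gpg -bsau`, and does the secret keyring hold a usable key for it? The script below is an added example, not code from either answer or from Git; `signer_from_trace`, `key_status` and `diagnose` are hypothetical helper names, and the trace lines and the `--with-colons` keyring listing are constructed samples.

```sh
#!/bin/sh
# Added example; helper names and all sample data are constructed.

# Print the signer that git passed to `gpg -bsau`, read from GIT_TRACE=1
# output on stdin. Handles both quoting styles seen in the traces above.
signer_from_trace() {
    sed -n "/run_command:.*-bsau/{s/.*-bsau'* *'*//;s/'* *\$//;p;}" | head -n 1
}

# Read `gpg --list-secret-keys --with-colons` output on stdin and print one
# line per matching primary key: "<keyid> ok|expired|revoked", or "missing".
#   $1 = signer (key ID, fingerprint or user-ID text)   $2 = current epoch
# Simplifications: subkeys are not evaluated, and user-ID text is matched as
# a case-insensitive substring, which approximates gpg's default lookup.
key_status() {
    awk -F: -v want="$1" -v now="$2" '
    function ends_with(s, t) {
        return length(t) <= length(s) && substr(s, length(s) - length(t) + 1) == t
    }
    function emit(   state) {
        if (!have) return
        if (want ~ /^[0-9A-F]+$/ && (ends_with(keyid, want) || ends_with(fpr, want))) hit = 1
        if (!hit) return
        state = "ok"
        if (expires ~ /^[0-9]+$/ && expires + 0 <= now + 0) state = "expired"
        if (validity == "e") state = "expired"
        if (validity == "r") state = "revoked"
        print keyid, state
        found = 1
    }
    BEGIN { want = toupper(want); sub(/^0X/, "", want) }
    $1 == "sec" { emit(); have = 1; primary = 1; hit = 0; fpr = ""
                  validity = $2; keyid = toupper($5); expires = $7 }
    $1 == "ssb" { primary = 0 }
    $1 == "fpr" && primary && fpr == "" { fpr = toupper($10) }
    $1 == "uid" && have && index(toupper($10), want) { hit = 1 }
    END { emit(); if (!found) print "missing" }
    '
}

# Combine both steps. $1 = trace text, $2 = colon listing, $3 = current epoch.
diagnose() {
    signer=$(printf '%s\n' "$1" | signer_from_trace)
    [ -n "$signer" ] || { echo "no gpg call in trace"; return 1; }
    printf '%s\n' "$2" | key_status "$signer" "$3"
}

# Constructed samples in the shape of the two traces quoted on this page.
TRACE_KEYID="20:52:58.918467 run-command.c:626       trace: run_command: 'gpg' '--status-fd=2' '-bsau' '23810377252EF4C2'"
TRACE_NAME="13:45:39.977999 run-command.c:640       trace: run_command: gpg --status-fd=2 -bsau 'full name <your-email@domain.com>'"
# Constructed keyring: one primary key that expired at epoch 1498867200.
KEYRING='sec:e:2048:1:23810377252EF4C2:1467331200:1498867200::u:::sc:::+:::23::0:
fpr:::::::::00112233445566778899AABB23810377252EF4C2:
uid:e::::1467331200::0000000000000000000000000000000000000000::Example User <user@example.com>::::::::::0:
ssb:e:2048:1:1111222233334444:1467331200:1498867200:::::e:::+:::23:
fpr:::::::::CCDDEEFF00112233445566771111222233334444:'

# Live use (needs git and gpg; not run here):
#   GIT_TRACE=1 git commit -S -m msg 2>trace.log
#   diagnose "$(cat trace.log)" "$(gpg --list-secret-keys --with-colons)" "$(date +%s)"
```

An `expired` result points to renewing the key, while `missing` points to a `user.signingkey` or `user.name`/`user.email` value that matches no secret key in the keyring.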
11

Update Oct. 2016: issue 871 did mention "Signing stopped working in Git 2.9.3"

Git for Windows 2.10.1 released two days ago (Oct. 4th, 2016) has fixed Interactive GPG signing of commits and tag.

the recent gpg-sign change in git (which introduces no problem on Linux) exposes a problem in the way in which, on Windows, non-MSYS2-git interacts with MSYS2-gpg.


Original answer:

Reading "7.4 Git Tools - Signing Your Work", I assume you have your "user.signingkey" configuration set.

The last big refactoring (before Git 2.10) around gpg was in commit 2f47eae2a, here that error message was moved to gpg-interface.c

A log on that file reveals the recent change in commit af2b21e (Git 2.10)

gpg2 already uses the long format by default, but most distributions seem to still have "gpg" be the older 1.x version due to compatibility reasons. And older versions of gpg only show the 32-bit short ID, which is quite insecure.

This doesn't actually matter for the verification itself: if the verification passes, the pgp signature is good.
But if you don't actually have the key yet, and want to fetch it, or you want to check exactly which key was used for verification and want to check it, we should specify the key with more precision.

So check how you specified your user.signingkey configuration, and the version of gpg you are using (gpg1 or gpg2), to see if those have any effect on the error message.

There is also commit 0581b54 which changes the condition for the gpg failed to sign the data error message (in complement to commit 0d2b664):

We don't read from stderr at all currently. However, we will want to in a future patch, so this also prepares us there (and in that case gpg does write before reading all of the input, though again, it is unlikely that a key uid will fill up a pipe buffer).

Commit 4322353 shows gpg now uses a temporary file, so there could be right issues around that.

Let's convert to using a tempfile object, which handles the hard cases for us, and add the missing cleanup call.

Koraktor
VonC
  • I do have my `user.signingkey` config set. Also using `gpg (GnuPG) 2.0.3`. – Naman Sep 19 '16 at 10:30
  • @nullpointer I have edited my answer. Can you check if the issue persists with Git for Windows 2.10.1? – VonC Oct 06 '16 at 11:50
  • sorry for the late update, working on MacOSX not Windows so couldn't verify this. – Naman Oct 16 '16 at 05:35
  • Another potential issue with Windows users is if they have installed gnupg in addition to the version of gnupg that ships with git -- `gpg --list-keys` won't give the same output as `"C:\Program Files\Git\usr\bin\gpg.exe" --list-keys` thus, git won't find your key when trying to sign a commit because it's using the "wrong" `gpg` – sytech Jan 20 '21 at 00:26
  • @sytech Good point, the PATH needs to be carefully set, I suppose. – VonC Jan 20 '21 at 00:27
  • Yeah. Although, editing the environment in which git runs is... potentially complicated, particularly because it can depend on how you install/configure git on Windows. (PATH won't be the same in your shell and in the environment git uses). FWIW, the workaround I found was to copy the "real" `gpg.exe` with a new name like `gpgwin.exe` in the same directory then set `git config --global gpg.program gpgwin`. That way, there's no naming conflict. – sytech Jan 20 '21 at 00:37
  • 1
    @sytech Right, I remember having to do the same here: https://stackoverflow.com/a/61849206/6309 – VonC Jan 20 '21 at 07:13
10

Using cygwin, I recently switched to gpg2. Then I had the same problem for signing with git after setting git config gpg.program gpg2.

Try echo "test" | gpg2 --clearsign to see whether gpg2 is working. I found it the easiest solution to just set git config gpg.program gpg, because that works. But you will also get a better error this way - e.g. that you need to install pinentry.

lucidbrot
  • Actually, on some Linux distros you may end up with the same issue. Git always uses gpg, not gpg2. See also: https://stackoverflow.com/questions/34766123/signing-commit-with-openpgp-subkey-fails#34767663 – rugk Sep 08 '18 at 10:17
  • This revealed for me the error `gpg: signing failed: Inappropriate ioctl for device` which can be solved by `export GPG_TTY=$(tty)`. Source: https://github.com/keybase/keybase-issues/issues/2798 – swiknaba Dec 19 '18 at 20:50
9

I got this error on Ubuntu 18.04 and it turned out that my key was expired.

To see this, I ran this and it confirmed that my keys were expired:

gpg --list-keys

To correct this, I ran (using the ID displayed in the previous command):

gpg --edit-key <ID>

From there, I extended the expiration of key 0 and key 1 following these instructions which boiled down to typing key 0 then expire and following the prompts. Then repeating for key 1.

Afterward, to test this, I ran:

echo test | gpg --clearsign

And before the fix, it failed with the error:

gpg: no default secret key: No secret key
gpg: [stdin]: clear-sign failed: No secret key

But after the fix, the same command successfully signed the message so I knew things were working again!

gMale
  • Confirming this fixed an issue when importing a valid key from Mac OSX Catalina to CentOS7. Fought with this beast for well over two hours trying to figure out why it kept asking for a password amongst other things. Oddly enough it was already set to never expire, and I set it to still never expire. – Cody B Feb 17 '20 at 20:04
9

If you use homebrew on a M1 chip without Rosetta, you need to specify a different location of the pinentry-program binary because it's installed at a different place.

Andy Hayden's updated answer should be modified as follows:

brew upgrade gnupg  # This has a make step which takes a while
arch -arm64 brew link --overwrite gnupg
arch -arm64 brew install pinentry-mac
echo "pinentry-program /opt/homebrew/bin/pinentry-mac" >> ~/.gnupg/gpg-agent.conf
killall gpg-agent
Shawn Koh
  • For some reason, signing stopped working on my M1: `echo "test" | gpg --clearsign` output was `gpg: signing failed: Inappropriate ioctl for device gpg: [stdin]: clear-sign failed: Inappropriate ioctl for device`. This worked for me. – jomar May 03 '21 at 14:30
  • The only solution that worked for me. Though everything was already installed for the arm64 target for me, you also don't have to specify `arch -arm64` every time if you are on m1, [follow this](https://stackoverflow.com/questions/66666134/how-to-install-homebrew-on-m1-mac) to install brew for m1 – weegee Aug 02 '21 at 22:06
  • @Shawn Koh best easy working answer for all the answers provided kudos – Emmanuel Njorodongo Nov 01 '22 at 08:38
8

Might be a hanging gpg-agent.

Try gpgconf --kill gpg-agent as discussed here

Lounge9
7

I am using an M1 Mac. I tried most of the common solutions above and they didn't work; my problem was that the GPG binary was missing here => usr/local/bin

Originally, I installed GPG via brew and I tried re-installing it, but couldn't find where the binary was stored. Later I installed GPG Suite GUI from here => GPG Suite Tools and it worked.

Finally, I can sign commits and get the verified badge on GitHub.

Shuvo Amin
6

I must have accidentally updated gpg somehow because I got this after trying to test if gpg works:

gpg: WARNING: server 'gpg-agent' is older than us (2.1.21 < 2.2.10)
gpg: Note: Outdated servers may lack important security fixes.
gpg: Note: Use the command "gpgconf --kill all" to restart them.

Running gpgconf --kill all fixed it for me.

Muhammad Dyas Yaskur
visokoo
6

I stumbled upon this error not because of any configuration issue, but because my key was expired. The easiest way to extend its validity on OSX is to open the GPG Keychain app (if you have it installed) and it will automatically prompt you to extend it. Two clicks, and you're done.

Muhammad Dyas Yaskur
maxhm10
5

I ran into the same problem. I'm happy to report that the issue lies not with git 2.10.0 but with gnupg 1.4.21.

Temporarily downgrading gnupg to 1.4.20 fixed the issue for me.

If you're using homebrew and you upgraded your packages like I did, you can probably just run brew switch gnupg 1.4.20 to revert back.

Arno
5

Make sure you have your email set properly.

git config --global user.email "user@example.com"
Weston Reed
  • 1
    This is the only solution that worked for me, was helpful to follow the correct method of generating a GPG key via [github](https://help.github.com/articles/signing-commits-using-gpg/) – Naz Jul 23 '17 at 10:22
  • 2
    In my case the problem was that I was using a company e-mail in a specific repo, for which I didn't have PGP key generated. – rubick Aug 21 '19 at 07:13
  • Since this question comes up on Google quite often, this really helpful answer should be way higher up in the answers list. Before uninstalling and installing a ton of software trying to fix something that's not broken, just check that you've specified the right e-mail address. – Arthur Khazbs Aug 12 '22 at 12:39
5

In my case, the problem was with the relative name of gpg inside ~/.gitconfig. I changed it to this and the problem disappeared (Monterey, Macbook M1):

[gpg]
    program = /opt/homebrew/bin/gpg

The explanation is simple: when git is trying to run gpg it does it in a new shell, without running ~/.profile where I configure PATH for homebrew. So, it simply can't find gpg at all.

yegor256
5

I found it very helpful to check what git commit is doing under the hood. Run the commit with GIT_TRACE=1 as follows:

GIT_TRACE=1 git commit -S -m "MESSAGE"

This will show what user name, email and signing key git uses when committing.

In my case, I found that git was picking up the wrong user's and key details for signing the commit. I mainly intended to use the local config of the repo rather than the global and adding the following to the local git config (located at "REPO_PATH/.git/config") got signing the commit to work both in Terminal and VSCode

[user]
    name = USER NAME
    email = USER EMAIL
    signingKey = SIGNING KEY

It can also be set with the following:

git config --local user.name "USER NAME"
git config --local user.email "USER EMAIL"
git config --local user.signingkey "SIGNING KEY"
mallet
4

The answers above are great but they did not work for me. What solved my issue was exporting both the public and secret keys.

list the keys from machine where we are exporting from

$ gpg --list-keys
/home/user/.gnupg/pubring.gpg
--------------------------------
pub 1024D/ABCDFE01 2008-04-13
uid firstname lastname (description) <email@example.com>
sub 2048g/DEFABC01 2008-04-13

export the keys

$ gpg --output mygpgkey_pub.gpg --armor --export ABCDFE01
$ gpg --output mygpgkey_sec.gpg --armor --export-secret-key ABCDFE01

go to machine we are importing to and import

$ gpg --import ~/mygpgkey_pub.gpg
$ gpg --allow-secret-key-import --import ~/mygpgkey_sec.gpg

bingo bongo, you're done!

reference: https://www.debuntu.org/how-to-importexport-gpg-key-pair/

ps. My keys were originally made on bootcamp windows 7 and I exported them onto my mac air (same physical machine, different virtually)

asus
4

This started happening all of a sudden for me on Ubuntu, not sure if some recent update did it, but none of the existing issues were applicable for me (I had GPG_TTY set, tried killing the agent etc.). The standalone gpg command was failing with this error:

$ echo "test" | gpg --clearsign
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

test
gpg: signing failed: Operation cancelled
gpg: [stdin]: clear-sign failed: Operation cancelled

I tried running gpg with --debug-all option and noticed the below output:

gpg: DBG: chan_3 <- INQUIRE PINENTRY_LAUNCHED 27472 gnome3 1.1.0 /dev/pts/6 screen-256color -
gpg: DBG: chan_3 -> END
gpg: DBG: chan_3 <- ERR 83886179 Operation cancelled <Pinentry>
gpg: signing failed: Operation cancelled

The above indicates that there is some issue with the pinentry program. Gpg normally runs pinentry-curses for me, so I changed it to pinentry-tty (I had to aptitude install it first) and the error went away (though I no longer get the fullscreen password entry, but I don't like that anyway). To make this change, I had to add the line pinentry-program /usr/bin/pinentry-tty to ~/.gnupg/gpg-agent.conf and kill the agent with gpgconf --kill gpg-agent (it gets restarted the next time).

haridsv
4

Apart from not having setup your gpg key with git correctly, another possible problem: Trying to commit from inside an ssh session with X forwarding. In this case it could try to invoke a GUI which will fail if the env var DISPLAY isn’t set.

You can force gpg-agent to use a tty-only tool by editing your ~/.gnupg/gpg-agent.conf:

pinentry-program /usr/bin/pinentry-tty

Then reload the conf:

gpg-connect-agent reloadagent /bye

(of course install pinentry-tty first)

x squared
4

After searching a lot, I found that gpg key was the issue in my case.

To check if gpg key is an issue for you, first check output of the following:

GIT_TRACE=1 git commit -m 'message'

If something is wrong then you will see something like:

10:37:22.346480 run-command.c:637       trace: run_command: gpg --status-fd=2 -bsau <your GPG key>

It was showing my name and email in GPG key here but this should have the key. You can try running gpg --status-fd=2 -bsau <your GPG key>

To update your correct key, do the following: check key using: gpg --list-secret-keys --keyid-format=long

It should have the following output:

/Users/hubot/.gnupg/secring.gpg
------------------------------------
sec   4096R/3AA5C34371567BD2 2016-03-10 [expires: 2017-03-10]
uid                          Hubot 
ssb   4096R/42B317FD4BA89E7A 2016-03-10

And then update the key using:

git config --global user.signingkey 3AA5C34371567BD2

Now check the commit again and it should succeed if the key was the issue. You need to set the passphrase to update the key which you can do using GitHub docs.

More details are at: https://gist.github.com/paolocarrasco/18ca8fe6e63490ae1be23e84a7039374

devil in the detail
3

If the email associated with your GPG key's uid is different from the email you are using in git, you'll need to add another user id to your key OR use a key whose email matches exactly.

You can add another UID by using:

$ gpg --edit-key

See for more: https://superuser.com/questions/293184/one-gnupg-pgp-key-pair-two-emails

JavaRocky
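Several answers above trace the failure to the key itself: an expired key, a `user.signingkey` that matches nothing, a short key ID, or a UID that does not match the Git identity. The script below is an added example, not code from any answer; it classifies those cases from `gpg --list-secret-keys --with-colons` output, assuming the GnuPG 2.x colon format and modelling gpg's default case-insensitive substring match for non-hex selectors. The key listing is constructed and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the answers): classify what a signing-key selector
# resolves to, from the machine-readable key listing. Function names are
# hypothetical. Colon format (GnuPG 2.x): $1 record type, $5 key ID,
# $7 expiry (epoch seconds, may be empty), $10 user ID.

# Constructed listing, shaped like `gpg --list-secret-keys --with-colons`.
SAMPLE_KEYS='sec:u:4096:1:3AA5C34371567BD2:1457568000:1489104000::u:::scESC:::+:::23::0:
uid:u::::1457568000::0000000000000000000000000000000000000001::Hubot <hubot@example.com>::::::::::0:
ssb:u:4096:1:42B317FD4BA89E7A:1457568000::::::e:::+:::23:
sec:u:2048:1:1111222233334444:1467331200:::u:::scESC:::+:::23::0:
uid:u::::1467331200::0000000000000000000000000000000000000002::XYZ (Digitally Signed) <abc.def@example.org>::::::::::0:
sec:u:2048:1:AAAA000033334444:1467331200:::u:::scESC:::+:::23::0:
uid:u::::1467331200::0000000000000000000000000000000000000003::Other <other@example.org>::::::::::0:'

# key_status LISTING SELECTOR NOW -> prints ok | expired | ambiguous | missing
# SELECTOR is what git hands to gpg: user.signingkey, or "Name <email>" from
# the committer identity when no signing key is configured.
key_status() {
    printf '%s\n' "$1" | awk -F: -v want="$2" -v now="$3" '
        function tally() {
            if (matched) { hits++; if (expiry != "" && expiry + 0 <= now + 0) expired++ }
        }
        BEGIN {
            # 8 or 16 hex digits: treat as short/long key ID, else as a user ID
            hex = (want ~ /^[0-9A-Fa-f]+$/ && (length(want) == 8 || length(want) == 16))
            want = hex ? toupper(want) : tolower(want)
        }
        $1 == "sec" {
            tally(); matched = 0; expiry = $7
            if (hex && substr($5, length($5) - length(want) + 1) == want) matched = 1
        }
        # model of the default user-ID match: case-insensitive substring
        $1 == "uid" && !hex && want != "" && index(tolower($10), want) { matched = 1 }
        END {
            tally()
            if (!hits)         print "missing"
            else if (hits > 1) print "ambiguous"
            else if (expired)  print "expired"
            else               print "ok"
        }'
}

# advice STATUS -> the remedy the answers on this page describe for that case
advice() {
    case $1 in
        ok)        echo "key is usable; look at gpg-agent/pinentry next" ;;
        expired)   echo "extend the expiry with: gpg --edit-key <ID>" ;;
        ambiguous) echo "set user.signingkey to the 16-digit long key ID" ;;
        missing)   echo "no secret key matches; fix user.signingkey or user.email" ;;
    esac
}

# Live use (needs gpg and git installed):
#   key_status "$(gpg --list-secret-keys --with-colons)" \
#              "$(git config user.signingkey)" "$(date +%s)"
NOW=1700000000   # fixed clock so the sample results are reproducible
for sel in 3AA5C34371567BD2 33334444 'XYZ <abc.def@example.org>' abc.def@example.org; do
    st=$(key_status "$SAMPLE_KEYS" "$sel" "$NOW")
    printf '%-28s %-10s %s\n' "$sel" "$st" "$(advice "$st")"
done
```

The third selector shows why a UID with a comment such as "(Digitally Signed)" is not found when Git falls back to "Name <email>", while the bare email address still matches.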
3

None of the above worked for me, I usually use my IDE terminal.

I got this error every now and then, in most cases it worked just fine. I found out the issue after running

 echo "test" | gpg --clearsign

gpg: signing failed: Screen or window too small
gpg: [stdin]: clear-sign failed: Screen or window too small

The solution: just increase terminal window size.

TTaaLL
3

If you're like me and using WSL along with your IDE, you might've faced this problem since the passphrase 'window' never shows up when committing using the IDE's commit interface (WSL doesn't support GUI apps yet)

The fix was to simply use the command line git as that has its own cli window for you to enter your passphrase. You also need to make sure that the terminal is 'big' enough for it to popup (surprising I know)

signing commits using WSL

Harshil Mehta
3

I had the same error after a VSCode update. Although my signed commits were working fine, after the update of VSCode I got this error:

error: gpg failed to sign the data
fatal: failed to write commit object

The only thing that restored the functionality was this command:

echo "test" | gpg --clearsign

The command returned error with this:

gpg: signing failed: Screen or window too small
gpg: [stdin]: clear-sign failed: Screen or window too small

After increasing the terminal size I was able to type my passphrase. Very bizarre situation.

Denise Ignatova
2

I had a similar issue with the latest Git sources (2.12.2) built along with the latest sources of all its dependencies (Zlib, Bzip, cURL, PCRE, ReadLine, IDN2, iConv, Unistring, etc).

It turns out libreadline was giving GnuPG problems:

$ gpg --version
gpg: symbol lookup error: /usr/local/lib/libreadline.so.7: undefined symbol: UP

And of course, trying to get useful information from Git with -vvv failed, so the failure was a mystery.

To resolve the PGP failure due to ReadLine, follow the instructions at Can't update or use package manager -- gpg error:

In terminal:

ls /usr/local/lib

there was a bunch of readline libs in there (libreadline.so.BLAH-BLAH) so i:

su
mkdir temp
mv /usr/local/lib/libreadline* temp
ldconfig
jww
2

If this just happened randomly and has been working perfectly in the past, as is my case, try logging out (cmd+shift+q) and logging back in. Worked for me

Skylar Brown
2

Very much like @birchlabs, after a lot of digging/searching I found that it wasn't GPG, but rather GPG Suite. I did cask reinstall gpg-suite and it solved it for me.

John
2

I am on Ubuntu 18.04 and got the same error, was worried for weeks too. Finally realized that gpg2 is not pointing towards anything. So simply run

git config --global gpg.program gpg

And tada, it works like a charm.

Signed commit

Your commits will now have verified tag with them.

Aashutosh Rathi
2

In my case, none of the solutions were working because I did not manually go into my ~/.gitconfig and remove the following as I created a new key that was no longer my older X.509 key so I removed the following and then my new key began to work.

[gpg]
    program = gpg
    format = x509
[gpg "x509"]
    program = smimesign
timSully
2

If your issue is with Visual Studio Code not allowing to commit, but you have already set up your GPG signature the one line answer with bash is:

git config --global gpg.program `which gpg2`

If you have gpg in PATH but not gpg2 then just use it instead.

bart-kosmala
2

The solution that worked for me is:

  • First, I tried to find out why this was NOT working. Try the commands below in a terminal:
    $ echo "Hello" > test.txt
    $ gpg --sign --default-key <your-email-id> test.txt
  • Observed the error with details:
    gpg: signing failed: No pinentry
    gpg-agent[59045]: can't connect to the PIN entry module '/usr/local/bin/pinentry': IPC connect call failed
    gpg-agent[59045]: failed to unprotect the secret key: No pinentry
  • From the terminal I ran the command below:
    cat ~/.gnupg/gpg-agent.conf
  • Check whether the statement below is present; add it to gpg-agent.conf if it is not:
    pinentry-program /usr/local/MacGPG2/libexec/pinentry-mac.app/Contents/MacOS/pinentry-mac
  • After adding the pinentry path, run:
    $ gpgconf --kill gpg-agent
    $ gpg --sign --default-key <your-email-id> test.txt
  • See the output:
    gpg: using <your-email-id> as default secret key for signing
1

None of the above answers seemed to match my problem. My gpg binary (/usr/local/bin/gpg -> /usr/local/MacGPG2/bin/gpg2) was installed as part of GPG Suite, rather than by brew.

Nevertheless, I felt that the advice boiled down to: "use whichever gpg binary is the latest available on brew". So I tried:

brew update
brew upgrade git
brew install gpg

# the following are suggestions from brew's Caveats, to make `/usr/local/bin/gpg`
# point to the brew binary:
rm '/usr/local/bin/gpg'
brew link --overwrite gnupg2

I verified that I had correctly changed the gpg upon my $PATH to point to the new executable from brew:

 which gpg
/usr/local/bin/gpg
 ls -l /usr/local/bin/gpg
lrwxr-xr-x  1 burger  admin  33 Feb 13 13:22 /usr/local/bin/gpg -> ../Cellar/gnupg2/2.0.30_3/bin/gpg

And I also explicitly told git which gpg binary to use:

git config --global gpg.program gpg

Well, maybe that's not completely watertight, as it's sensitive to path. I didn't actually go as far as confirming beyond doubt that git had switched to invoking the brew gpg.

In any case: none of this was sufficient to make git commit successfully sign my commits again.


The thing that worked for me ultimately was to update GPG Suite. I was running version 2016.7, and I found that updating to 2016.10 fixed the problem for me.

I opened GPG Keychain.app, and hit "Check for updates…". With the new version: signed commits worked correctly again.

Birchlabs
1

Got it set up by simply:

brew uninstall gpg 

brew install gpg2
Anurag pareek
1

In my case, none of the solutions mentioned in other answer worked. I found out that the problem was specific to one repository. Deleting and cloning the repo again solved the issue.

David Miguel
1

Kind of a weird one, but make sure your terminal is big enough! You can tell if it's too small by running echo test | gpg --clearsign -- it'll give you a pretty obvious error message letting you know. If it's not big enough, your GPG agent can't display its little ncurses box.

This one won't apply if you use a GUI agent or something that doesn't use ncurses.

Nic
1

For me, brew had updated the gnupg or gpg so all I had to do to fix this is.

brew link --overwrite gnupg

That linked the gpg to the right place, as I can confirm via which gpg and everything worked after that.

Ahmad Awais
1

Ran into this in prezto another zsh variant. There the issue was my git repo was new and did not have the node_modules added to .gitignore. As soon as I added the node_modules to .gitignore the issue was no more to be seen. So my assumption is git-info was taking time due to these large node_modules.

joseph
1

To solve this issue without killing gpg-agent on every restart:

Check if you have multiple copies of gpg and gpg-agent:

$ which -a gpg-agent
/opt/homebrew/bin/gpg-agent
/usr/local/MacGPG2/bin/gpg-agent

$ which -a gpg
/opt/homebrew/bin/gpg
/usr/local/bin/gpg
/usr/local/bin/gpg

For me, there were some leftover binaries from old Macbook migrations installed by MacGPG2.

Removing those binaries (and symlinks) and checking again to make sure there is only one copy:

$ which -a gpg
/opt/homebrew/bin/gpg

$ which -a gpg-agent
/opt/homebrew/bin/gpg-agent

Then restart your computer one last time.

gpg should sign correctly without needing to kill anything:

$ echo "test" | gpg --clearsign
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

test
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org

iQIzBAEBCgAdFiEE1S8n.....
-----END PGP SIGNATURE-----

(Reposted from another question since this question has higher votes)

paradite
0

If you don't want to deal with brew to install gpg, which seems to run into problems from time to time, just download gpg tools from GPG Tools.

As you go through the wizard, click on customize install and deselect the mail plugin (unless you want to use it). These tools seem to work without running into any problems, plus it remembers your passphrase after the first time you sign your commit. No extra configuration needed, other than telling git about which key to use.

At least that has been my experience.

Chris Slade
0

These few commands, in order, seem to be working for me, as I personally had the same issue after upgrading to Mac OS 12.4

brew upgrade gnupg
brew install pinentry-mac 
echo "pinentry-program /usr/local/bin/pinentry-mac" >> ~/.gnupg/gpg-agent.conf 
killall gpg-agent && gpg-agent --daemon
git config --global gpg.program gpg
git config --global commit.gpgsign true
Abdel Hegazi
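Several answers above add a `pinentry-program` line to `~/.gnupg/gpg-agent.conf` with `echo ... >>`, which leaves a second entry each time it is repeated and does nothing about a stale path such as the Intel Homebrew location on an Apple-silicon machine. The script below is an added example, not code from any answer: it reports every `pinentry-program` entry and whether its path is executable, and sets the entry so that rerunning it leaves exactly one line. The function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the answers): inspect and set pinentry-program in
# gpg-agent.conf without piling up entries. Function names are hypothetical.

# pinentry_report CONF -> one line per pinentry-program entry:
#   "ok <path>" if the path is an executable file, otherwise "broken <path>"
pinentry_report() {
    [ -f "$1" ] || { echo "no-conf $1"; return 0; }
    sed -n 's/^[[:space:]]*pinentry-program[[:space:]]\{1,\}//p' "$1" |
    while IFS= read -r path; do
        if [ -f "$path" ] && [ -x "$path" ]; then
            echo "ok $path"
        else
            echo "broken $path"
        fi
    done
}

# set_pinentry CONF PROGRAM -> keep every other option, leave exactly one
# pinentry-program line. Unlike `echo ... >> gpg-agent.conf`, rerunning it
# does not add a second entry.
set_pinentry() {
    conf=$1 prog=$2
    [ -f "$prog" ] && [ -x "$prog" ] || { echo "not executable: $prog" >&2; return 1; }
    tmp=$(mktemp "$conf.XXXXXX") || return 1
    if [ -f "$conf" ]; then
        # grep exits 1 when nothing is left to copy; that is not an error here
        grep -v '^[[:space:]]*pinentry-program[[:space:]]' "$conf" > "$tmp" || true
    fi
    printf 'pinentry-program %s\n' "$prog" >> "$tmp"
    mv "$tmp" "$conf"
}

# Typical call, with the Apple-silicon Homebrew path from the answer above:
#   set_pinentry ~/.gnupg/gpg-agent.conf /opt/homebrew/bin/pinentry-mac
#   gpgconf --kill gpg-agent     # the agent rereads the file on next start
```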
0

Using the OSX terminal instead of the integrated VS Code terminal worked for me. The VS Code integrated terminal has allowed me to gpg sign this same repo up until today. Previously when I had this error, I fixed it by updating VS Code, but this time updating didn't work.

Amber
0

My solution was to stumble upon Sascha Doemer's elegant solution (slight modification on my part; store as gpg-no-tty in the user's PATH directory --- ~/bin or ~/.local/bin --- and remember to chmod +x gpg-no-tty):

#!/bin/sh
/usr/bin/gpg --batch --no-tty "$@"

Then, if needed for a single repository (or switch to --global to set the global value of the configuration entries):

git config --local user.signingkey "${YOUR_SIGNING_KEY}"
git config --local commit.gpgsign true
git config --local gpg.program gpg-no-tty

Note: I tried editing a previous answer, but there were too many edits pending.

In my particular case, I was getting this error while trying to commit changes with Emacs' Version Control (VC) with the magic C-x v v + C-c C-c key combination (leaving this note for future Emacs users with the same problem).

rolandog
-2

Check if gpg is enabled using below command

git config -l | grep gpg

If it returns true, run the command below to disable it

git config --global --unset commit.gpgsign

After successfully running above command, You should be able to run git commit command.

Aarif1430