101

I installed GPG from brew.

brew install gpg

It is gnupg2-2.0.30_2.

When I commit, I do get an error message:

You need a passphrase to unlock the secret key for
user: "Max Mustermann (mycomment) <mm@test.de>"
2048-bit RSA key, ID 1111AAAA, created 2017-01-05 

error: gpg failed to sign the data
fatal: failed to write commit object

I used the command:

gpg --list-secret-keys | grep ^sec

and it gives me back:

sec   2048R/1111AAAA 2017-01-05

Then I used this command:

git config --global user.signingkey 1111AAAA

commit gives me back the same error message.

How can I solve this problem?

sideshowbarker
Mondy
  • 1
    Also: https://stackoverflow.com/questions/39494631/gpg-failed-to-sign-the-data-fatal-failed-to-write-commit-object-git-2-10-0 (Possible duplicate) – DrBeco Nov 19 '17 at 20:00
  • And https://stackoverflow.com/questions/41052538/git-error-gpg-failed-to-sign-data (Possible duplicates) – DrBeco Nov 19 '17 at 20:09
  • Possible duplicate of [gpg failed to sign the data fatal: failed to write commit object \[Git 2.10.0\]](https://stackoverflow.com/questions/39494631/gpg-failed-to-sign-the-data-fatal-failed-to-write-commit-object-git-2-10-0) – Naman Nov 20 '17 at 16:34
  • 1
    I had a similar issue, after a year of stable operation, although my GPG key didn't expire. All I had to do was to run `gpgconf --kill gpg-agent` and it started to work again. – Boštjan Biber Dec 29 '22 at 10:28
  • Why is this a Stack Overflow question (as opposed to [unix.se]) at all? This is a command-line tool usage question, not a development question. – Charles Duffy Feb 20 '23 at 04:01

9 Answers

143

If you’re not getting prompted at all for a passphrase, the solution may just be to install a program to facilitate that. The most common is pinentry.

brew install pinentry-mac

So installing that and trying again may get things working. But if not, another thing to do is make sure git is using/finding the right GPG program. These days you really should be using gpg2, so if you don’t already have that installed, do this:

gpg --version

…and make sure it indicates you have GnuPG version 2+ (not version 1) installed.

If you already have GnuPG 2+ and pinentry installed, then try this:

echo "pinentry-program /usr/local/bin/pinentry-mac" >> ~/.gnupg/gpg-agent.conf

…or, more robustly:

echo "pinentry-program $(which pinentry-mac)" >> ~/.gnupg/gpg-agent.conf

…and then try again.

And you may also need to stop gpg-agent:

gpgconf --kill gpg-agent

You don’t need to manually restart it — it will get restarted automatically when it’s needed.

Note: Some commenters mention needing to reboot after making changes — but it seems likely the only effect of that is to cause gpg-agent to be restarted. So manually killing gpg-agent as described above should be sufficient.

sideshowbarker
  • 7
    Installing `pinentry-mac` solved my issue. Thank you! – Amazing Rando Jan 30 '17 at 02:07
  • I am having the same issue, despite performing all of these steps. – Euan Millar Jun 03 '17 at 01:52
  • 6
    I followed the above steps but needed a reboot before this worked – Sjuul Janssen Dec 22 '17 at 14:23
  • MacOS Mojave is the root of all evil. After I upgraded to Mojave all my homebrew apps stopped working including gnupg. I recompiled them all and it started working. – hamidfzm Oct 04 '18 at 15:00
  • 35
    For me restarting the gpg-agent worked so I didn't need to restart: `gpgconf --kill gpg-agent` – phikes Nov 23 '18 at 12:59
  • 23
    I had to kill `gpg-agent` and start it again using `gpg-agent --daemon` – Mohammad Banisaeid Jan 10 '19 at 15:20
  • 1
    I got the error `gpg: Sorry, no terminal at all requested - can't get input` when trying to use `gpg --full-generate-key`. If you get this error just remove the line `no-tty` from `~/.gnupg/gpg.conf` or `~/.gnupg/options` – adrxlm Feb 04 '20 at 14:12
  • I had to restart gpg-agent like @MohammadBanisaeid said – GabrielBB Mar 17 '20 at 16:51
  • In my case, `git config --global gpg.program gnupg` works even though I installed it via homebrew this way: `brew install gnupg2` – mochadwi Feb 10 '21 at 14:52
  • I just ran a brew upgrade, which of course updated only these things: `openssl`, `pinentry`, `libgcrypt`, `gnupg` (the perfect isolated chaos to break things). It seems after the update I just needed to restart the gpg agent with: `gpgconf --kill gpg-agent` and then when I went to try and commit again things were fixed – CTS_AE Sep 13 '21 at 18:30
  • 1
    Latest homebrew on M1 changes the bin dir, use this: `echo "pinentry-program $(which pinentry-mac)" >> ~/.gnupg/gpg-agent.conf` – jqr Nov 11 '21 at 14:15
  • In my M1, `brew install gpg` already gives GnuPG 2. – emyller Mar 14 '22 at 13:08
  • It works! And if you have installed `pinentry-mac` with brew on the latest macOS (currently 12.6), it will be installed at `/opt/homebrew/bin/pinentry-mac` – hash070 Sep 15 '22 at 03:41
89

To anybody who is facing this issue on MacOS machines, try this:

  1. `brew uninstall gpg`
  2. `brew install gpg2`
  3. `brew install pinentry-mac` (if needed)
  4. `gpg --full-generate-key` Create a key by using an algorithm.
  5. Get generated key by executing: `gpg --list-keys`
  6. Set the key here: `git config --global user.signingkey <Key from your list>`
  7. `git config --global gpg.program /usr/local/bin/gpg`
  8. `git config --global commit.gpgsign true`
  9. If you want to export your Key to GitHub then: `gpg --armor --export <key>` and add this key to GitHub at GPG keys: https://github.com/settings/keys (with START and END line included)

If the issue still exists:

test -r ~/.bash_profile && echo 'export GPG_TTY=$(tty)' >> ~/.bash_profile

echo 'export GPG_TTY=$(tty)' >> ~/.profile

If the issue still exists:

Install https://gpgtools.org and sign the key that you used by pressing Sign from the menu bar: Key->Sign

If the issue still exists:

Go to your global .gitconfig file, which in my case is at /Users/gent/.gitconfig, and modify the .gitconfig file (please make sure Email and Name are the same as the ones that you created while generating the Key):

[user]
    email = gent@youremail.com
    name = Gent
    signingkey = <YOURKEY>
[gpg]
    program = /usr/local/bin/gpg
[commit]
    gpgsign = true
[filter "lfs"]
    process = git-lfs filter-process
    required = true
    clean = git-lfs clean -- %f
    smudge = git-lfs smudge -- %f
[credential]
    helper = osxkeychain

p.s I took this answer from my previous answer here: gpg failed to sign the data fatal: failed to write commit object [Git 2.10.0]

Charles Duffy
Gent
  • 4
    The GPGTools is what did it for me, it seems that prompts for the passphrase and then adds it into the keychain :) – CTS_AE Sep 13 '20 at 00:07
  • 1
    Thanks man! Far better than the current accepted answer for me – GedankenNebel Aug 06 '21 at 15:21
  • Signing using the GPGTools was what did it for me! Isn't there a way to sign the key using gpg cli? – MbBrainz Jan 06 '22 at 13:19
  • Note that "Stack Snippets" are our local JSFiddle equivalent -- they're only for JavaScript, CSS, HTML, and otherwise code that can run in a browser. Use the `{}` button instead of the snippet button otherwise. – Charles Duffy Feb 20 '23 at 04:02
  • I was missing "gpg --full-generate-key" and this is exactly what the error log was complaining about. Thank you very much for the detailed answer – Tobbey Aug 29 '23 at 14:04
7

I had the same error message and found that my key was expired. So it might be a good idea to check your key expiration with:

gpg --list-keys

If your key is expired as well you can adjust the expiration date with:

gpg --edit-key <YOUR_KEY>

and then:

gpg> expire
...enter the new expiration date...
gpg> save
A5308Y
  • 1
    Many answers mention using `gpg --list-keys` to check if a key exists then otherwise create a new one. But nobody says to pay attention to the expiration date. There's a single character difference between `[expires: YYYY-MM-DD]` and `[expired: YYYY-MM-DD]` that can easily be overlooked. – Simón Nov 20 '22 at 07:52
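
An added example, not part of the answer or comment above: a shell function that reads GnuPG's machine-readable `--with-colons` listing and reports whether the key configured as `user.signingkey` is usable, so an expired key is not missed by eye. The function name `signing_key_status` and the sample records are constructed for illustration; expiry dates are assumed to be epoch seconds.

```shell
#!/bin/sh
# Classify a key from `gpg --list-keys --with-colons` output read on stdin.
#   $1 = key ID as stored in user.signingkey (short or long hex ID)
#   $2 = "now" in epoch seconds (optional, defaults to the current time)
# Prints one of: ok, expired, revoked, missing
signing_key_status() {
    want=$(printf '%s' "$1" | tr 'a-f' 'A-F')
    now=${2:-$(date +%s)}
    [ -n "$want" ] || { echo missing; return 0; }
    awk -F: -v want="$want" -v now="$now" '
        # pub/sec records: $2 = validity, $5 = key ID, $7 = expiry (may be empty)
        ($1 == "pub" || $1 == "sec") && length($5) >= length(want) &&
        substr($5, length($5) - length(want) + 1) == want {
            found = 1
            if ($2 == "r") { status = "revoked" }
            else if ($2 == "e") { status = "expired" }
            else if ($7 ~ /^[0-9]+$/ && $7 + 0 <= now + 0) { status = "expired" }
            else { status = "ok" }
            exit
        }
        END { print (found ? status : "missing") }
    '
}

# Constructed sample records in the colon format (not real keys).
SAMPLE='tru::1:1700000000:0:3:1:5
pub:u:2048:1:AAAABBBB1111AAAA:1483574400:::u:::scESC:
uid:u::::1483574400::0000::Max Mustermann (mycomment) <mm@test.de>:
pub:e:2048:1:CCCCDDDD2222BBBB:1483574400:1546646400::u:::sc:
pub:-:4096:1:EEEEFFFF3333CCCC:1483574400:1546646400::-:::scESC:'

printf '%s\n' "$SAMPLE" | signing_key_status 1111AAAA

# Against a real keyring:
#   gpg --list-keys --with-colons | signing_key_status "$(git config user.signingkey)"
```
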
1

I ran brew upgrade on macOS and it broke my gpg signing in git, presumably when it updated the gpg package. I assume there's an easier way to force the gpg service to restart correctly (I assume something that was actively running broke when I upgraded the package), but my fix for this was pretty simple: Just restart your computer.

Connor Shea
0

Install GPGSuite instead; it has a GUI for generating the key.

You can see more details here

Adham Saad
0

If you are still getting problems in macOS, open ~/.gitconfig and change anything below [gpg] to program = /usr/local/bin/gpg

BaharaJr
0

In my case the user.signingkey was set wrong. Copying the right signing key solved the problem.

tangkunyin
0

If this happens to you after installing Xcode, your git binary may have been replaced. (This particular solution assumes you are managing your git install with homebrew.)

Symptoms:

  1. You are not prompted for a passphrase
  2. Your error message is
    error: gpg failed to sign the data
    fatal: failed to write commit object
    
  3. `$ git config --global gpg.program` throws an error
  4. You see a system git instead of one installed by homebrew:
    $ which git
    /usr/bin/git # should be /usr/local/bin/git with homebrew
    $ ls -l $(which git)
    -rwxr-xr-x  1 root  wheel  167072 Feb  6  2022 /usr/bin/git
    # should be a symbolic link with homebrew:
    # lrwxr-xr-x  1 user  admin  28 Aug 16 12:11 /usr/local/bin/git -> ../Cellar/git/2.37.2/bin/git
    $ git --version
    git version 2.32.1 (Apple Git-133)
    

In this case the solution is to install or reinstall git with homebrew.

$ brew install git
# <output>
# then restart your terminal
$ ls -l $(which git)
lrwxr-xr-x  1 user  admin  28 Aug 16 12:11 /usr/local/bin/git -> ../Cellar/git/2.37.2/bin/git
$ git --version
git version 2.37.2

Don't forget to restart your terminal.

Micah Henning
0

To solve this issue without killing gpg-agent on every restart:

Check if you have multiple copies of gpg and gpg-agent:

$ which -a gpg-agent
/opt/homebrew/bin/gpg-agent
/usr/local/MacGPG2/bin/gpg-agent

$ which -a gpg
/opt/homebrew/bin/gpg
/usr/local/bin/gpg
/usr/local/bin/gpg

For me, there were some leftover binaries from old Macbook migrations installed by MacGPG2.

Removing those binaries (and symlinks) and checking again to make sure there is only one copy:

$ which -a gpg
/opt/homebrew/bin/gpg

$ which -a gpg-agent
/opt/homebrew/bin/gpg-agent

Then restart your computer one last time.

gpg should sign correctly without needing to kill anything:

$ echo "test" | gpg --clearsign
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

test
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org

iQIzBAEBCgAdFiEE1S8n.....
-----END PGP SIGNATURE-----
paradite