31

I installed Git for Windows including Git Bash on Windows 10 and Gpg4win. By default, I had to re-import all keys I created via Kleopatra into the GPG version built into the Git Bash, and it won't allow me to set up an agent. What I need to do is to automate signing such that I don't need to enter the password every single time, but rather only the first time in a given period of time. How is that possible?

I tried to follow this tutorial, but gpg2 does not use the correct charset when executed from within Git Bash, so it does not recognize keys which contain non-ASCII characters.

Is there any way to solve this problem? What is the best way to use PGP signing with Git on Windows?

just.me

2 Answers

43

Update Oct. 2018, as commented below by PHPirate:

```
λ git --version
git version 2.19.1.windows.1

λ gpg --version
gpg (GnuPG) 2.2.9-unknown
libgcrypt 1.8.3
Copyright (C) 2018 Free Software Foundation, Inc.
```

No trace of that update in git-for-windows/git/releases


Original answer (2017): By default, Git for Windows includes a gpg1, not gpg2

```
vonc@bvonc MINGW64 ~/.ssh
$ gpg --version
gpg (GnuPG) 1.4.21
```

Using a different gpg is indeed recommended:

```
git config --global gpg.program "c:/Program Files (x86)/GnuPG/bin/gpg.exe"
```

Try again with the latest Git for Windows with UTF-8 set in locale.
Try a Git simplified path to rule out any interference from other programs.

VonC
  • 1
    In the latest version of Gpg4Win they changed the paths/file names. `gpg.exe` is now v2, and they removed `GNU` from the install path. `c:/Program Files (x86)/GnuPG/gpg.exe` – Peter Jun 08 '18 at 15:40
  • 3
    It actually places `gpg.exe` on a `bin` folder under `GnuPG`. So the path should be updated to reflect this change, that is: `.../GnuPG/bin/gpg.exe`. – ranu Jun 09 '18 at 13:30
  • 1
    @RafaelCamposNunes OK, I have edited the answer accordingly. – VonC Jun 09 '18 at 13:37
  • 1
    @VonC FYI I found by coincidence that git 2.19.1 includes gpg2, they have silently updated it, it seems... makes things easier. – PHPirate Oct 30 '18 at 16:52
  • 2
    @PHPirate Thank you. I have included your comment in the answer for more visibility. – VonC Oct 30 '18 at 17:03
21

Since (at least) git 2.19.1, git includes gpg2!

That means you are not required to install gpg4win anymore just for git signing. You ask how to set up commit signing such that you only have to enter your passphrase after a certain timeout: gpg-agent can handle that, and I tested that it works with git's gpg (but not with gnupg's gpg). Although it doesn't always work for me, it should work in general.

Below is a short summary of the full instructions I have written down here, assuming you have signing set up:

  1. Make sure you are using git's gpg
  2. Update the cache time: in `C:\Users\username\.gnupg\gpg-agent.conf` (create the file if it doesn't exist), add `default-cache-ttl 34560000` and `max-cache-ttl 34560000`. These times are in seconds; choose whatever you want.
  3. Restart gpg-agent using `gpgconf --kill gpg-agent`.
PHPirate
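
The three steps from the answer above as one Git Bash script. This is an added example, not part of either answer: the helper name `set_agent_ttl`, the `--apply` switch and the 28800-second (8 hour) default are assumptions made here, and the agent's home is taken to be `$GNUPGHOME` or `~/.gnupg`. The cache TTL is the window during which anything running as your user can sign with the key without a passphrase prompt, so the default here is a working day rather than the answer's 34560000 seconds.

```shell
#!/usr/bin/env bash
# Added example (not from the answers): set gpg-agent's passphrase cache
# lifetime idempotently, then restart the agent so it takes effect.

# set_agent_ttl CONF_FILE TTL_SECONDS   (hypothetical helper name)
# Leaves CONF_FILE with exactly one default-cache-ttl and one max-cache-ttl
# line, both set to TTL_SECONDS. All other lines are kept unchanged.
set_agent_ttl() {
    local conf="$1" ttl="$2" tmp
    case "$ttl" in
        ''|*[!0-9]*) echo "TTL must be a whole number of seconds" >&2; return 2 ;;
    esac
    mkdir -p "$(dirname "$conf")" && touch "$conf" || return 1
    tmp=$(mktemp) || return 1
    # Copy everything except existing TTL lines. grep exits 1 when nothing
    # is left to copy (empty or TTL-only file), which is not an error here.
    grep -Ev '^[[:space:]]*(default|max)-cache-ttl[[:space:]]' "$conf" > "$tmp" \
        || [ $? -eq 1 ] || return 1
    printf 'default-cache-ttl %s\nmax-cache-ttl %s\n' "$ttl" "$ttl" >> "$tmp"
    # Overwrite in place so the file keeps its existing permissions.
    cat "$tmp" > "$conf" && rm -f "$tmp"
}

# Usage: ./agent-ttl.sh --apply [TTL_SECONDS]
if [ "${1:-}" = "--apply" ]; then
    # Step 1: show which gpg Git will call (gpg.program, else gpg from PATH).
    git config --global --get gpg.program || echo "gpg.program not set"
    command -v gpg
    # Step 2: write the cache lifetimes (assumed location of the agent config).
    set_agent_ttl "${GNUPGHOME:-$HOME/.gnupg}/gpg-agent.conf" "${2:-28800}"
    # Step 3: stop the agent; it rereads the file when it next starts.
    gpgconf --kill gpg-agent
fi
```

Running it twice leaves the same two TTL lines, so it is safe to keep in a dotfiles setup script.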