Git commits unverified but should be verified

Question

My commits are currently coming in as "Unverified" but they should be set to "Verified".

I've followed the this guide to create my GPG key and when I do gpg --list-secret-keys --keyid-format LONG I get the following:

sec   rsa4096/SOME_KEY 2019-10-24 [SC]
      SOME_OTHER_LONGER_KEY
uid                 [ultimate] Ryan Wood <myemail@address.com>
ssb   rsa4096/SOME_OTHER_KEY 2019-10-24 [E]

I did gpg --armor --export SOME_KEY to produce the public key and put it on GitHub as per the instructions here. Furthermore, I set git config --global commit.gpgsign true as per this guide and was prompted for my passphrase on my last commit, which I entered correctly. I also verified that the email I provided to GPG and the email I have listed on GitHub are the same. Finally, I set my signing key in git according to the answer provided in this question by doing git config --global user.signingkey SOME_KEY. However, my commit is unverified.

Is there anything else I need to do here or does the process require a certain amount of time before the commits show as verified?

Answer 1

I had the same issue. Just take a look to your global config settings git config --list.

And put the correct email - git config --global user.email <email>.

Answer 2

I had a similar issue because I had mistakenly installed and configured smimesign, although it was not part of the guide for GPG keys.

My solution to this was as follows:

brew uninstall smimesign
git config --global --unset gpg.format
git config --global --unset gpg.x509.program
git config --global user.signingkey [KEY HASH]

where the [KEY HASH] was listed by gpg:

$ gpg --list-secret-keys --keyid-format LONG
/Users/stig/.gnupg/pubring.kbx
------------------------------
sec   rsa4096/...
      [KEY HASH]
uid                 [ultimate] Stig (comment) <stig@example.com>
ssb   rsa4096/...

On the next commit, the Verified sign was shown immediately.

Answer 3

I wanted to push verified tags to remote github but was showing unverified everytime i pushed it in git remote.

Let me brief steps:

#To display all tags:

git tag

Adding local repo tag

git tag -a tagname -m "adding tag"

As it was showing unverified commit on pushing (git push --tags) created tags, so I change something in a code file and commited it , using already setup and verified git GPG. So, at this point of time, I created a tag and changed a file in code.

Now, taking the following steps to commit for verified tags or commit in git:

Verify git + gpg
(will prompt for gpg key passphrase on first usage)
echo "test" | gpg --clearsign; the output should look like below:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
test
-----BEGIN PGP SIGNATURE-----
the pgp signature data would show here
-----END PGP SIGNATURE-----
If you see the following error;
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
test
gpg: signing failed: Inappropriate ioctl for device
gpg: [stdin]: clear-sign failed: Inappropriate ioctl for device
Try using the following command to fix.
export GPG_TTY=$(tty)
The configurations presented above form the basis of the following UI-based tools and IDEs.
The following sections present the information needed to hook each tool into the local git configuration.
Command line commit syntax
Whenever a commit is made from the developer environment, the following syntax will generate signed commits:
git commit -S -m "your commit message"

Other important commands for tags:

#To delete local repo tag

git tag -d tagname

e.g: git tag -d v1.3.3

#pushing newly created tag to remote

git push --tags

#To delete a remote tag in Git hub:

git push --delete origin tagname