I followed instructions here: https://docs.github.com/en/authentication/managing-commit-signature-verification/generating-a-new-gpg-key
I did not include a comment. Only my name and email which match my github account.
Then, I set my git config to the following:
[user]
name = First Last
email = first.last@awesomecompany.com
signingkey = ABCDMYKEY12345
[commit]
gpgsign = true
[gpg]
program = C:\\Program Files (x86)\\GnuPG\\bin\\gpg.exe
gpg --version returns
$ gpg --version
gpg (GnuPG) 2.2.29-unknown
libgcrypt 1.9.3-unknown
I've run GIT_TRACE=1 and returned
$ GIT_TRACE=1 git commit --allow-empty -m "signing"
09:30:10.094197 exec-cmd.c:237 trace: resolved executable dir: C:/Program Files/Git/mingw64/bin
09:30:10.102197 git.c:455 trace: built-in: git commit --allow-empty -m signing
09:30:10.126235 run-command.c:666 trace: run_command: 'C:\Program Files (x86)\GnuPG\bin\gpg.exe' -bsau ABCDMYKEY12345
gpg: skipped "ABCDMYKEY12345": No secret key
gpg: signing failed: No secret key
error: gpg failed to sign the data
fatal: failed to write commit object
I've triple-checked for typos. This does not seem like a duplicate of gpg: skipped "XXBDXX4E": secret key not available. gpg: signing failed: secret key not available
because my gpg program is correctly set
I've seen this question Git doesn't see gpg key as secret, even though it is, how do I fix it?
But I don't understand the gpg2 thing. My gpg version is 2. Why do I need another gpg2 program. Besides, where do I get gpg2 from? Is it supposed to come with Git?
