Skip to content

Instantly share code, notes, and snippets.

@BoGnY BoGnY/README.md
Last active Nov 15, 2019

Embed
What would you like to do?
[WINDOWS] How to enable auto-signing Git commits with GnuPG for programs that don't support it natively

[WINDOWS] How to enable auto-signing Git commits with GnuPG for programs that don't support it natively

This is a step-by-step guide on how to enable auto-signing Git commits with GPG for every applications that don't support it natively (eg. GitHub Desktop, Eclipse, Git Tower, ...)

Requirements

  • Install GPG4Win: this software is a bundle with latest version of GnuPG v2, Kleopatra v3 certificate manager, GNU Privacy Assistant (GPA) v0.9 which is a GUI that uses GTK+, GpgOL and GpgEX that are respectively an extension for MS Outlook and an extension for Windows Explorer shell
  • Install Git for Windows: so you can have a *nix based shell, this software is a bundle with latest version of Git which use MINGW environment, a Git bash shell, a Git GUI and an extension for Windows Explorer shell (Make sure your local version of Git is at least 2.0, otherwise Git don't have support for automatically sign your commits)
  • Verify if Git was successfully installed with:
    $ git --version
    # git version 2.15.1.windows.2

Remember that Git for Windows install old 1.4.xx version of GnuPG (provided through MINGW environment), but this is irrelevant, as we are going to manually specify which GnuPG program our Git must be using (which is the GnuPG version installed by GPG4Win)!

Setup

  • Install your favorite IDE with Git support, like:
  • Generate your GPG keys: visit https://help.github.com/articles/generating-a-new-gpg-key/ for a completed and detailed instructions, or otherwise use Kleopatra manager (Notes: key size should be at least 2048 bits, but 4096 is better; key should probably not expire; and you can append multiple email addresses to your GPG key)
  • Verify installation of your key:
    $ gpg --list-secret-keys --keyid-format LONG
    # /c/Users/BoGnY/.gnupg/secring.gpg
    # ----------------------------------
    # sec   4096R/E870EE00B5D90537 2017-12-31 [expires: 2021-12-31]
    # uid                          John Smith <john.smith@gmail.com>
    # ssb   4096R/F9E3E72EBBFDCFD6 2017-12-31
  • Generate your revocation certificate: this command create a .rev file, that is needed to revocate a public key shared in a key server.
    $ gpg --gen-revoke E870EE00B5D90537
  • Share your public key: this command will never send a private key!!!
    $ gpg --send-keys E870EE00B5D90537
  • Add public GPG key to GitHub: open https://github.com/settings/keys then click "New GPG key", paste your public key and click "Add GPG key"
  • Set up Git to auto-sign all commits: this change your global configuration of Git, if you would like to add auto-sign on a single repository, remove --global from command
    $ git config --global user.signingkey E870EE00B5D90537
    $ git config --global commit.gpgsign true
  • Set up Git to use a custom GPG program:
    $ git config --global gpg.program "/c/Program Files (x86)/GnuPG/bin/gpg.exe"
  • Optional: try disable TTY if you have problems with making auto-signed commits from your IDE or other software
    $ echo 'no-tty' >> ~/.gnupg/gpg.conf
    In my specific case, this point was mandatory.

Usage

Simple press "Commit" button on your favorite IDE, you see a simple window that ask your key password!

Remember that GPG4Win install also a GPG agent, that remember your password for a limited times (I think 30 minutes) by default, so you don't have to enter your password every time!! (IMHO there is a setting for change it, but I haven't search it yet).

That's all!

@sgeto

This comment has been minimized.

Copy link

sgeto commented Feb 21, 2018

So I don't know why, but this worked. Thx!

@heather-lott-cotiviti

This comment has been minimized.

Copy link

heather-lott-cotiviti commented Aug 14, 2018

This works from command line (Git Bash), but not from Eclipse. I verified that the configuration shows correctly in Eclipse (Preferences->Team->Git->Configuration shows commit.gpgsign, gpg.program, user.signingKey). Command line correctly prompts for passphrase and commit shows as Verified on github. Commits from Eclipse do not prompt for the passphrase and do not show as Verified on github. Very well-written instructions, however!

@goxr3plus

This comment has been minimized.

Copy link

goxr3plus commented Aug 23, 2018

@sgeto lol

@vaibhavhrt

This comment has been minimized.

Copy link

vaibhavhrt commented Aug 30, 2018

thanks works for me in vs code n github desktop without last optional step

@davidmurdoch

This comment has been minimized.

Copy link

davidmurdoch commented Sep 26, 2018

Followed instructions perfectly. Doesn't work for me on a fresh Windows 10 Pro install using Github Desktop. Errors with:

Commit failed - exit code 128 received, with output: 'gpg: skipped "AC7C0362CB60AB03": No secret key
gpg: signing failed: No secret key
error: gpg failed to sign the data
fatal: failed to write commit object'

The only thing I can think of is that I only installed GnuPG from GPG4Win because I thought it was the only part that was relevant.

@davidmurdoch

This comment has been minimized.

Copy link

davidmurdoch commented Sep 27, 2018

I figured out my issue. I was using Git Bash instead of cmd.exe or PowerShell. This was using a different gpg which was putting the GPG keys in a location that /c/Program Files (x86)/GnuPG/bin/gpg.exe didn't know about. All I had to do was change

$ git config --global gpg.program "/c/Program Files (x86)/GnuPG/bin/gpg.exe"

to

$ git config --global gpg.program "/c/Program Files/Git/usr/bin/gpg.exe"

and everything worked. I've uninstalled GPG4Win as it seems that it wasn't actually needed.

My version of git is now 2.19.0.windows.1, and gpg is 2.2.9-unknown

@harleyday

This comment has been minimized.

Copy link

harleyday commented Oct 17, 2018

Thanks! I needed the line

git config --global gpg.program "/c/Program Files (x86)/GnuPG/bin/gpg.exe"

though I had to change it to:

git config --global gpg.program "C:\Program Files (x86)\GnuPG\bin\gpg.exe"

maybe because I was using PowerShell rather than Git Bash.

@PHPirates

This comment has been minimized.

Copy link

PHPirates commented Oct 27, 2018

Note that git now comes with gpg2, which can make things easier.

PS I have written down some steps in which some of the issues mentioned are addressed, see here

@kcomain

This comment has been minimized.

Copy link

kcomain commented Apr 10, 2019

it worked! thanks. the official document didnt work so well

@mfpopa

This comment has been minimized.

Copy link

mfpopa commented Aug 15, 2019

Both Git and GPG are in the PATH system variable, so I used PowerShell on Windows 10 to set this up. Worked like a charm. Thanks!

@yegordovganich

This comment has been minimized.

Copy link

yegordovganich commented Nov 15, 2019

git config --global gpg.program "/c/Program Files/Git/usr/bin/gpg.exe"

I figured out my issue. I was using Git Bash instead of cmd.exe or PowerShell. This was using a different gpg which was putting the GPG keys in a location that /c/Program Files (x86)/GnuPG/bin/gpg.exe didn't know about. All I had to do was change

$ git config --global gpg.program "/c/Program Files (x86)/GnuPG/bin/gpg.exe"

to

$ git config --global gpg.program "/c/Program Files/Git/usr/bin/gpg.exe"

and everything worked. I've uninstalled GPG4Win as it seems that it wasn't actually needed.

My version of git is now 2.19.0.windows.1, and gpg is 2.2.9-unknown

Thx man!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.