Skip to content

Instantly share code, notes, and snippets.

@BoGnY
Last active Sep 29, 2022
Embed
What would you like to do?
[WINDOWS] How to enable auto-signing Git commits with GnuPG for programs that don't support it natively

[WINDOWS] How to enable auto-signing Git commits with GnuPG for programs that don't support it natively

This is a step-by-step guide on how to enable auto-signing Git commits with GPG for every applications that don't support it natively (eg. GitHub Desktop, Eclipse, Git Tower, ...)

Requirements

  • Install GPG4Win: this software is a bundle with latest version of GnuPG v2, Kleopatra v3 certificate manager, GNU Privacy Assistant (GPA) v0.9 which is a GUI that uses GTK+, GpgOL and GpgEX that are respectively an extension for MS Outlook and an extension for Windows Explorer shell
  • Install Git for Windows: so you can have a *nix based shell, this software is a bundle with latest version of Git which use MINGW environment, a Git bash shell, a Git GUI and an extension for Windows Explorer shell (Make sure your local version of Git is at least 2.0, otherwise Git don't have support for automatically sign your commits)
  • Verify if Git was successfully installed with:
    $ git --version
    # git version 2.15.1.windows.2

Remember that Git for Windows install old 1.4.xx version of GnuPG (provided through MINGW environment), but this is irrelevant, as we are going to manually specify which GnuPG program our Git must be using (which is the GnuPG version installed by GPG4Win)!

Setup

  • Install your favorite IDE with Git support, like:
  • Generate your GPG keys: visit https://help.github.com/articles/generating-a-new-gpg-key/ for a completed and detailed instructions, or otherwise use Kleopatra manager (Notes: key size should be at least 2048 bits, but 4096 is better; key should probably not expire; and you can append multiple email addresses to your GPG key)
  • Verify installation of your key:
    $ gpg --list-secret-keys --keyid-format LONG
    # /c/Users/BoGnY/.gnupg/secring.gpg
    # ----------------------------------
    # sec   4096R/E870EE00B5D90537 2017-12-31 [expires: 2021-12-31]
    # uid                          John Smith <john.smith@gmail.com>
    # ssb   4096R/F9E3E72EBBFDCFD6 2017-12-31
  • Generate your revocation certificate: this command create a .rev file, that is needed to revocate a public key shared in a key server.
    $ gpg --gen-revoke E870EE00B5D90537
  • Share your public key: this command will never send a private key!!!
    $ gpg --send-keys E870EE00B5D90537
  • Add public GPG key to GitHub: open https://github.com/settings/keys then click "New GPG key", paste your public key and click "Add GPG key"
  • Set up Git to auto-sign all commits: this change your global configuration of Git, if you would like to add auto-sign on a single repository, remove --global from command
    $ git config --global user.signingkey E870EE00B5D90537
    $ git config --global commit.gpgsign true
  • Set up Git to use a custom GPG program:
    $ git config --global gpg.program "/c/Program Files (x86)/GnuPG/bin/gpg.exe"
  • Optional: try disable TTY if you have problems with making auto-signed commits from your IDE or other software
    $ echo 'no-tty' >> ~/.gnupg/gpg.conf
    In my specific case, this point was mandatory.

Usage

Simple press "Commit" button on your favorite IDE, you see a simple window that ask your key password!

Remember that GPG4Win install also a GPG agent, that remember your password for a limited times (I think 30 minutes) by default, so you don't have to enter your password every time!! (IMHO there is a setting for change it, but I haven't search it yet).

That's all!

@goxr3plus
Copy link

goxr3plus commented Aug 23, 2018

@sgeto lol

@vaibhavhrt
Copy link

vaibhavhrt commented Aug 30, 2018

thanks works for me in vs code n github desktop without last optional step

@davidmurdoch
Copy link

davidmurdoch commented Sep 26, 2018

Followed instructions perfectly. Doesn't work for me on a fresh Windows 10 Pro install using Github Desktop. Errors with:

Commit failed - exit code 128 received, with output: 'gpg: skipped "AC7C0362CB60AB03": No secret key
gpg: signing failed: No secret key
error: gpg failed to sign the data
fatal: failed to write commit object'

The only thing I can think of is that I only installed GnuPG from GPG4Win because I thought it was the only part that was relevant.

@davidmurdoch
Copy link

davidmurdoch commented Sep 27, 2018

I figured out my issue. I was using Git Bash instead of cmd.exe or PowerShell. This was using a different gpg which was putting the GPG keys in a location that /c/Program Files (x86)/GnuPG/bin/gpg.exe didn't know about. All I had to do was change

$ git config --global gpg.program "/c/Program Files (x86)/GnuPG/bin/gpg.exe"

to

$ git config --global gpg.program "/c/Program Files/Git/usr/bin/gpg.exe"

and everything worked. I've uninstalled GPG4Win as it seems that it wasn't actually needed.

My version of git is now 2.19.0.windows.1, and gpg is 2.2.9-unknown

@harleyday
Copy link

harleyday commented Oct 17, 2018

Thanks! I needed the line

git config --global gpg.program "/c/Program Files (x86)/GnuPG/bin/gpg.exe"

though I had to change it to:

git config --global gpg.program "C:\Program Files (x86)\GnuPG\bin\gpg.exe"

maybe because I was using PowerShell rather than Git Bash.

@PHPirates
Copy link

PHPirates commented Oct 27, 2018

Note that git now comes with gpg2, which can make things easier.

PS I have written down some steps in which some of the issues mentioned are addressed, see here

@soopyc
Copy link

soopyc commented Apr 10, 2019

it worked! thanks. the official document didnt work so well

@mfpopa
Copy link

mfpopa commented Aug 15, 2019

Both Git and GPG are in the PATH system variable, so I used PowerShell on Windows 10 to set this up. Worked like a charm. Thanks!

@yegordovganich
Copy link

yegordovganich commented Nov 15, 2019

git config --global gpg.program "/c/Program Files/Git/usr/bin/gpg.exe"

I figured out my issue. I was using Git Bash instead of cmd.exe or PowerShell. This was using a different gpg which was putting the GPG keys in a location that /c/Program Files (x86)/GnuPG/bin/gpg.exe didn't know about. All I had to do was change

$ git config --global gpg.program "/c/Program Files (x86)/GnuPG/bin/gpg.exe"

to

$ git config --global gpg.program "/c/Program Files/Git/usr/bin/gpg.exe"

and everything worked. I've uninstalled GPG4Win as it seems that it wasn't actually needed.

My version of git is now 2.19.0.windows.1, and gpg is 2.2.9-unknown

Thx man!

@ChristianoKiss
Copy link

ChristianoKiss commented Nov 29, 2019

I figured out my issue. I was using Git Bash instead of cmd.exe or PowerShell. This was using a different gpg which was putting the GPG keys in a location that /c/Program Files (x86)/GnuPG/bin/gpg.exe didn't know about. All I had to do was change

$ git config --global gpg.program "/c/Program Files (x86)/GnuPG/bin/gpg.exe"

to

$ git config --global gpg.program "/c/Program Files/Git/usr/bin/gpg.exe"

and everything worked. I've uninstalled GPG4Win as it seems that it wasn't actually needed.

My version of git is now 2.19.0.windows.1, and gpg is 2.2.9-unknown

Yep, this was also my problem. If you manually install GPG command line tools, you end up having two gpg.exe inside git-bash.exe. This can be verified by typing where gpg inside Git Bash. Cheers, mate!

@MortonSykes1
Copy link

MortonSykes1 commented Dec 2, 2019

I figured out my issue. I was using Git Bash instead of cmd.exe or PowerShell. This was using a different gpg which was putting the GPG keys in a location that /c/Program Files (x86)/GnuPG/bin/gpg.exe didn't know about. All I had to do was change
$ git config --global gpg.program "/c/Program Files (x86)/GnuPG/bin/gpg.exe"
to
$ git config --global gpg.program "/c/Program Files/Git/usr/bin/gpg.exe"
and everything worked. I've uninstalled GPG4Win as it seems that it wasn't actually needed.
My version of git is now 2.19.0.windows.1, and gpg is 2.2.9-unknown

Yep, this was also my problem. If you manually install GPG command line tools, you end up having two gpg.exe inside git-bash.exe. This can be verified by typing where gpg inside Git Bash. Cheers, mate!

THISS x 1000000 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

THANK YOU!!!! - Windows 10 , Followed GitHub Instuctions, Got Wrecked before this helpfull post. Thanks!!

@MuhammadFariMadyan
Copy link

MuhammadFariMadyan commented Feb 7, 2020

Thanks Bro, Success On My Windows 10 Home.
My Config for error 'cannot spawn gpg2 : No such file or directory' :

git config --global gpg.program "C:\Program Files (x86)\GnuPG\bin\gpg.exe"

or we can store this config to "environtment system variables" and use this config :

git config --global gpg.program "gpg"

@baliestri
Copy link

baliestri commented May 5, 2020

It worked!!! Thank you!

@ridays2001
Copy link

ridays2001 commented Jul 22, 2020

Thank you so much. It worked perfectly.

The installation of GPG4Win installed 3 different components to my PC. I would like to know which ones are important and which ones are not. I have Kleopatra, GPA and Gnu Privacy Guard.

@boris-nekezov
Copy link

boris-nekezov commented Oct 19, 2020

git config --global gpg.program "/c/Program Files/Git/usr/bin/gpg.exe"

Thanks @davidmurdoch man when I chanded the path like this it worked for me!

@danoli3
Copy link

danoli3 commented Nov 4, 2020

I just had to uninstall the second GPG key install and update and use the Git embedded version to work in Git Bash and SourceTree Windows

Uninstalled GnuPG:
C:/Program Files (x86)/GnuPG/bin/gpg.exe"

Updated Git/Git-Bash:
https://git-scm.com/downloads

Running this command:
where gpg

@sergeyklay
Copy link

sergeyklay commented Nov 6, 2020

I just had to uninstall the second GPG key install and update and use the Git embedded version to work in Git Bash and SourceTree Windows

Actually, if you use a native command shell (or PowerShell), you don't need to use embedded GnuPG, as well as Git Bash

@dilipvijjapu
Copy link

dilipvijjapu commented Mar 8, 2021

When I am trying to generate a new key I am the following error
gpg: Sorry, no terminal at all requested - can't get input
can anyone help me out to solve this issue

@BernardoB95
Copy link

BernardoB95 commented Mar 12, 2021

Im trying to make it work on Pycharm, however it still displays the same error message.

Commit failed with error
0 file committed, 1 file failed to commit: Block D Factories created, pending implementation - TESTE
gpg: skipped "USERNAME ": No secret key
gpg: signing failed: No secret key
gpg failed to sign the data
failed to write commit object

This is my local .gitconfig file. Anyone with the same issue?
image

@polyglotdev
Copy link

polyglotdev commented Apr 9, 2021

everything worked fine until you had to tell git here the exe was for gpg. The command I used instead was:
git config --global gpg.program "C:\Program Files (x86)\GnuPG\bin\gpg.exe"

@informatika3052
Copy link

informatika3052 commented Apr 21, 2021

thank you full , i am worked git config --global gpg.program "C:\Program Files\GnuPG\bin\gpg.exe"

@dsoyolo
Copy link

dsoyolo commented May 21, 2021

everything worked fine until you had to tell git here the exe was for gpg. The command I used instead was:
git config --global gpg.program "C:\Program Files (x86)\GnuPG\bin\gpg.exe"

This was my issue as well. Got it working, thanks!

@NirajanMahara
Copy link

NirajanMahara commented Jun 3, 2021

Follow the below url to setup signed commit https://help.github.com/en/articles/telling-git-about-your-signing-key

if still getting gpg failed to sign the data fatal: failed to write commit object

this is not issue with git ,this is with GPG follow below steps

  1. gpg --version

  2. echo "test" | gpg --clearsign

if it is showing:

gpg: signing failed: Inappropriate ioctl for device
gpg: [stdin]: clear-sign failed: Inappropriate ioctl for device
  1. then use export GPG_TTY=$(tty)

  2. then try again echo "test" | gpg --clearsign in which PGP signature is.

Output:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

test
-----BEGIN PGP SIGNATURE-----

iLMEAQEKAB0WIQS2V0SFHi18psvDbo7uFF+LP7qc1gUCYLjB2QAKCRDuFF+LP7qc
1r5LBACB1m3Lpl21379qAvVamWcn9isdgdg34t34t43t34t34t434yGQHqikxWL7A5
Ls7giKZYscb30o0rkY6I1W9MjBBW96R2pnaYsioFpsf434dfg54rfdgfdgdfgdfpaIoU3k
JKrYxR7yMjqUv0a2jE+97kh+bSuzqwIkMHyikbABI90lY+4OLw==
=UHKx
-----END PGP SIGNATURE-----
  1. git config -l | grep gpg

Output:

commit.gpgsign=true
gpg.program=gpg
tag.gpgsign=true
  1. apply git commit -S -m "initial commit 🚀🚀🚀🚀"
  2. or git config --global commit.gpgsign true

https://stackoverflow.com/questions/39494631/gpg-failed-to-sign-the-data-fatal-failed-to-write-commit-object-git-2-10-0/55993078#55993078

@jnthmota
Copy link

jnthmota commented Jun 7, 2021

Thank so much!
I changed
git config --global gpg.program "/c/Program Files (x86)/GnuPG/bin/gpg.exe"
to
git config --global gpg.program "C:\Program Files (x86)\GnuPG\bin\gpg.exe"

on windows

@noxifoxi
Copy link

noxifoxi commented Sep 12, 2021

Thank so much!
I changed
git config --global gpg.program "/c/Program Files (x86)/GnuPG/bin/gpg.exe"
to
git config --global gpg.program "C:\Program Files (x86)\GnuPG\bin\gpg.exe"

on windows

same.
Setting this config entry also was mandatory. I wasn't sure what issued the "git gpg skipped ... no secret key" error message, but now I know it was this line.

@Manik-khosla
Copy link

Manik-khosla commented Sep 19, 2021

Thank you ! It worked for me.

@L32GIT
Copy link

L32GIT commented Dec 3, 2021

Couldn't get this to work even after reading all the comments.
I've posted a related question on https://stackoverflow.com/questions/70212042/eclipse-unable-to-find-a-gpg-key-for-signing-verify-through-eclipse

If it will be answered there, then it'll help those who still can't get this to work from Eclipse.

@exoosh
Copy link

exoosh commented Feb 15, 2022

When another GPG instance (same major version, though!) uses a different directory for the databases, you can always point them to the correct one using the GNUPGHOME environment variable.

Another way is to create a junction point or symbolic link from %USERPROFILE%\.gnupg to %USERPROFILE%\.gnupg, that is either (after moving the old %USERPROFILE%\.gnupg out of the way):

mklink /j "%USERPROFILE%\.gnupg" "%USERPROFILE%\.gnupg"

or (this requires to be run in an elevated prompt, unless the option to create symbolic links was enabled for the current user, e.g. via the Git for Windows installer):

mklink /d "%USERPROFILE%\.gnupg" "%USERPROFILE%\.gnupg"

From experience the respective files can live side by side peacefully. I have not heard of another location used by GnuPG flavors on Windows. But if they exist, you can always point them all to the same directory. However, keep in mind that 1.x and 2.x versions use different databases altogether, so this still doesn't iron out all issues.

@nnzv
Copy link

nnzv commented Aug 18, 2022

Great !

@kuohuanhuan
Copy link

kuohuanhuan commented Aug 27, 2022

Thx a lot and works.
ps. I use

git config --global gpg.program "C:\Program Files (x86)\GnuPG\bin\gpg.exe"

for Git-SCM.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment