Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
[WINDOWS] How to enable auto-signing Git commits with GnuPG for programs that don't support it natively

[WINDOWS] How to enable auto-signing Git commits with GnuPG for programs that don't support it natively

This is a step-by-step guide on how to enable auto-signing Git commits with GPG for every applications that don't support it natively (eg. GitHub Desktop, Eclipse, Git Tower, ...)

Requirements

  • Install GPG4Win: this software is a bundle with latest version of GnuPG v2, Kleopatra v3 certificate manager, GNU Privacy Assistant (GPA) v0.9 which is a GUI that uses GTK+, GpgOL and GpgEX that are respectively an extension for MS Outlook and an extension for Windows Explorer shell
  • Install Git for Windows: so you can have a *nix based shell, this software is a bundle with latest version of Git which use MINGW environment, a Git bash shell, a Git GUI and an extension for Windows Explorer shell (Make sure your local version of Git is at least 2.0, otherwise Git don't have support for automatically sign your commits)
  • Verify if Git was successfully installed with:
    $ git --version
    # git version 2.15.1.windows.2

Remember that Git for Windows install old 1.4.xx version of GnuPG (provided through MINGW environment), but this is irrelevant, as we are going to manually specify which GnuPG program our Git must be using (which is the GnuPG version installed by GPG4Win)!

Setup

  • Install your favorite IDE with Git support, like:
  • Generate your GPG keys: visit https://help.github.com/articles/generating-a-new-gpg-key/ for a completed and detailed instructions, or otherwise use Kleopatra manager (Notes: key size should be at least 2048 bits, but 4096 is better; key should probably not expire; and you can append multiple email addresses to your GPG key)
  • Verify installation of your key:
    $ gpg --list-secret-keys --keyid-format LONG
    # /c/Users/BoGnY/.gnupg/secring.gpg
    # ----------------------------------
    # sec   4096R/E870EE00B5D90537 2017-12-31 [expires: 2021-12-31]
    # uid                          John Smith <john.smith@gmail.com>
    # ssb   4096R/F9E3E72EBBFDCFD6 2017-12-31
  • Generate your revocation certificate: this command create a .rev file, that is needed to revocate a public key shared in a key server.
    $ gpg --gen-revoke E870EE00B5D90537
  • Share your public key: this command will never send a private key!!!
    $ gpg --send-keys E870EE00B5D90537
  • Add public GPG key to GitHub: open https://github.com/settings/keys then click "New GPG key", paste your public key and click "Add GPG key"
  • Set up Git to auto-sign all commits: this change your global configuration of Git, if you would like to add auto-sign on a single repository, remove --global from command
    $ git config --global user.signingkey E870EE00B5D90537
    $ git config --global commit.gpgsign true
  • Set up Git to use a custom GPG program:
    $ git config --global gpg.program "/c/Program Files (x86)/GnuPG/bin/gpg.exe"
  • Optional: try disable TTY if you have problems with making auto-signed commits from your IDE or other software
    $ echo 'no-tty' >> ~/.gnupg/gpg.conf
    In my specific case, this point was mandatory.

Usage

Simple press "Commit" button on your favorite IDE, you see a simple window that ask your key password!

Remember that GPG4Win install also a GPG agent, that remember your password for a limited times (I think 30 minutes) by default, so you don't have to enter your password every time!! (IMHO there is a setting for change it, but I haven't search it yet).

That's all!

@sgeto

This comment has been minimized.

Copy link

@sgeto sgeto commented Feb 21, 2018

So I don't know why, but this worked. Thx!

@heather-lott-cotiviti

This comment has been minimized.

Copy link

@heather-lott-cotiviti heather-lott-cotiviti commented Aug 14, 2018

This works from command line (Git Bash), but not from Eclipse. I verified that the configuration shows correctly in Eclipse (Preferences->Team->Git->Configuration shows commit.gpgsign, gpg.program, user.signingKey). Command line correctly prompts for passphrase and commit shows as Verified on github. Commits from Eclipse do not prompt for the passphrase and do not show as Verified on github. Very well-written instructions, however!

@goxr3plus

This comment has been minimized.

Copy link

@goxr3plus goxr3plus commented Aug 23, 2018

@sgeto lol

@vaibhavhrt

This comment has been minimized.

Copy link

@vaibhavhrt vaibhavhrt commented Aug 30, 2018

thanks works for me in vs code n github desktop without last optional step

@davidmurdoch

This comment has been minimized.

Copy link

@davidmurdoch davidmurdoch commented Sep 26, 2018

Followed instructions perfectly. Doesn't work for me on a fresh Windows 10 Pro install using Github Desktop. Errors with:

Commit failed - exit code 128 received, with output: 'gpg: skipped "AC7C0362CB60AB03": No secret key
gpg: signing failed: No secret key
error: gpg failed to sign the data
fatal: failed to write commit object'

The only thing I can think of is that I only installed GnuPG from GPG4Win because I thought it was the only part that was relevant.

@davidmurdoch

This comment has been minimized.

Copy link

@davidmurdoch davidmurdoch commented Sep 27, 2018

I figured out my issue. I was using Git Bash instead of cmd.exe or PowerShell. This was using a different gpg which was putting the GPG keys in a location that /c/Program Files (x86)/GnuPG/bin/gpg.exe didn't know about. All I had to do was change

$ git config --global gpg.program "/c/Program Files (x86)/GnuPG/bin/gpg.exe"

to

$ git config --global gpg.program "/c/Program Files/Git/usr/bin/gpg.exe"

and everything worked. I've uninstalled GPG4Win as it seems that it wasn't actually needed.

My version of git is now 2.19.0.windows.1, and gpg is 2.2.9-unknown

@harleyday

This comment has been minimized.

Copy link

@harleyday harleyday commented Oct 17, 2018

Thanks! I needed the line

git config --global gpg.program "/c/Program Files (x86)/GnuPG/bin/gpg.exe"

though I had to change it to:

git config --global gpg.program "C:\Program Files (x86)\GnuPG\bin\gpg.exe"

maybe because I was using PowerShell rather than Git Bash.

@PHPirates

This comment has been minimized.

Copy link

@PHPirates PHPirates commented Oct 27, 2018

Note that git now comes with gpg2, which can make things easier.

PS I have written down some steps in which some of the issues mentioned are addressed, see here

@kcomain

This comment has been minimized.

Copy link

@kcomain kcomain commented Apr 10, 2019

it worked! thanks. the official document didnt work so well

@mfpopa

This comment has been minimized.

Copy link

@mfpopa mfpopa commented Aug 15, 2019

Both Git and GPG are in the PATH system variable, so I used PowerShell on Windows 10 to set this up. Worked like a charm. Thanks!

@yegordovganich

This comment has been minimized.

Copy link

@yegordovganich yegordovganich commented Nov 15, 2019

git config --global gpg.program "/c/Program Files/Git/usr/bin/gpg.exe"

I figured out my issue. I was using Git Bash instead of cmd.exe or PowerShell. This was using a different gpg which was putting the GPG keys in a location that /c/Program Files (x86)/GnuPG/bin/gpg.exe didn't know about. All I had to do was change

$ git config --global gpg.program "/c/Program Files (x86)/GnuPG/bin/gpg.exe"

to

$ git config --global gpg.program "/c/Program Files/Git/usr/bin/gpg.exe"

and everything worked. I've uninstalled GPG4Win as it seems that it wasn't actually needed.

My version of git is now 2.19.0.windows.1, and gpg is 2.2.9-unknown

Thx man!

@ChristianoKiss

This comment has been minimized.

Copy link

@ChristianoKiss ChristianoKiss commented Nov 29, 2019

I figured out my issue. I was using Git Bash instead of cmd.exe or PowerShell. This was using a different gpg which was putting the GPG keys in a location that /c/Program Files (x86)/GnuPG/bin/gpg.exe didn't know about. All I had to do was change

$ git config --global gpg.program "/c/Program Files (x86)/GnuPG/bin/gpg.exe"

to

$ git config --global gpg.program "/c/Program Files/Git/usr/bin/gpg.exe"

and everything worked. I've uninstalled GPG4Win as it seems that it wasn't actually needed.

My version of git is now 2.19.0.windows.1, and gpg is 2.2.9-unknown

Yep, this was also my problem. If you manually install GPG command line tools, you end up having two gpg.exe inside git-bash.exe. This can be verified by typing where gpg inside Git Bash. Cheers, mate!

@MortonSykes1

This comment has been minimized.

Copy link

@MortonSykes1 MortonSykes1 commented Dec 2, 2019

I figured out my issue. I was using Git Bash instead of cmd.exe or PowerShell. This was using a different gpg which was putting the GPG keys in a location that /c/Program Files (x86)/GnuPG/bin/gpg.exe didn't know about. All I had to do was change
$ git config --global gpg.program "/c/Program Files (x86)/GnuPG/bin/gpg.exe"
to
$ git config --global gpg.program "/c/Program Files/Git/usr/bin/gpg.exe"
and everything worked. I've uninstalled GPG4Win as it seems that it wasn't actually needed.
My version of git is now 2.19.0.windows.1, and gpg is 2.2.9-unknown

Yep, this was also my problem. If you manually install GPG command line tools, you end up having two gpg.exe inside git-bash.exe. This can be verified by typing where gpg inside Git Bash. Cheers, mate!

THISS x 1000000 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

THANK YOU!!!! - Windows 10 , Followed GitHub Instuctions, Got Wrecked before this helpfull post. Thanks!!

@MuhammadFariMadyan

This comment has been minimized.

Copy link

@MuhammadFariMadyan MuhammadFariMadyan commented Feb 7, 2020

Thanks Bro, Success On My Windows 10 Home.
My Config for error 'cannot spawn gpg2 : No such file or directory' :

git config --global gpg.program "C:\Program Files (x86)\GnuPG\bin\gpg.exe"

or we can store this config to "environtment system variables" and use this config :

git config --global gpg.program "gpg"
@baliestri

This comment has been minimized.

Copy link

@baliestri baliestri commented May 5, 2020

It worked!!! Thank you!

@ridays2001

This comment has been minimized.

Copy link

@ridays2001 ridays2001 commented Jul 22, 2020

Thank you so much. It worked perfectly.

The installation of GPG4Win installed 3 different components to my PC. I would like to know which ones are important and which ones are not. I have Kleopatra, GPA and Gnu Privacy Guard.

@lucknaumann

This comment has been minimized.

Copy link

@lucknaumann lucknaumann commented Jul 22, 2020

@ridays2001 commented on Jul 22, 2020, 7:08 AM MST:

Thank you so much. It worked perfectly.

The installation of GPG4Win installed 3 different components to my PC. I would like to know which ones are important and which ones are not. I have Kleopatra, GPA and Gnu Privacy Guard.

You can look these up on their site. In terms of the GUIs, it ultimately depends on what you want to keep.
https://www.gpg4win.org/about.html

Gpg4win Components

Gpg4win is an installer for Windows and contains several Free Software components:

GnuPG [aka Gnu Privacy Guard]
The backend; this is the actual encryption tool.

Kleopatra [GUI]
A certificate manager for OpenPGP and X.509 (S/MIME) and common crypto dialogs.

GpgOL
A plugin for Microsoft Outlook 2010/2013/2016/2019 (email encryption). With Outlook 2010 and higher GpgpOL supports MS Exchange Server.

GpgEX
A plugin for Microsoft Explorer (file encryption).

GPA [Key Manager GUI]
An alternative certificate manager for OpenPGP and X.509 (S/MIME).

More info: https://www.gpg4win.org/features.html
Edit: The installer lets you choose the above components (minus the GnuPG backend, of course).

@boris-nekezov

This comment has been minimized.

Copy link

@boris-nekezov boris-nekezov commented Oct 19, 2020

git config --global gpg.program "/c/Program Files/Git/usr/bin/gpg.exe"

Thanks @davidmurdoch man when I chanded the path like this it worked for me!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.