Skip to content

Instantly share code, notes, and snippets.

@BoGnY

BoGnY/README.md

Last active Jun 18, 2021
Embed
What would you like to do?
[WINDOWS] How to enable auto-signing Git commits with GnuPG for programs that don't support it natively

[WINDOWS] How to enable auto-signing Git commits with GnuPG for programs that don't support it natively

This is a step-by-step guide on how to enable auto-signing Git commits with GPG for every applications that don't support it natively (eg. GitHub Desktop, Eclipse, Git Tower, ...)

Requirements

  • Install GPG4Win: this software is a bundle with latest version of GnuPG v2, Kleopatra v3 certificate manager, GNU Privacy Assistant (GPA) v0.9 which is a GUI that uses GTK+, GpgOL and GpgEX that are respectively an extension for MS Outlook and an extension for Windows Explorer shell
  • Install Git for Windows: so you can have a *nix based shell, this software is a bundle with latest version of Git which use MINGW environment, a Git bash shell, a Git GUI and an extension for Windows Explorer shell (Make sure your local version of Git is at least 2.0, otherwise Git don't have support for automatically sign your commits)
  • Verify if Git was successfully installed with:
    $ git --version
    # git version 2.15.1.windows.2

Remember that Git for Windows install old 1.4.xx version of GnuPG (provided through MINGW environment), but this is irrelevant, as we are going to manually specify which GnuPG program our Git must be using (which is the GnuPG version installed by GPG4Win)!

Setup

  • Install your favorite IDE with Git support, like:
  • Generate your GPG keys: visit https://help.github.com/articles/generating-a-new-gpg-key/ for a completed and detailed instructions, or otherwise use Kleopatra manager (Notes: key size should be at least 2048 bits, but 4096 is better; key should probably not expire; and you can append multiple email addresses to your GPG key)
  • Verify installation of your key:
    $ gpg --list-secret-keys --keyid-format LONG
    # /c/Users/BoGnY/.gnupg/secring.gpg
    # ----------------------------------
    # sec   4096R/E870EE00B5D90537 2017-12-31 [expires: 2021-12-31]
    # uid                          John Smith <john.smith@gmail.com>
    # ssb   4096R/F9E3E72EBBFDCFD6 2017-12-31
  • Generate your revocation certificate: this command create a .rev file, that is needed to revocate a public key shared in a key server.
    $ gpg --gen-revoke E870EE00B5D90537
  • Share your public key: this command will never send a private key!!!
    $ gpg --send-keys E870EE00B5D90537
  • Add public GPG key to GitHub: open https://github.com/settings/keys then click "New GPG key", paste your public key and click "Add GPG key"
  • Set up Git to auto-sign all commits: this change your global configuration of Git, if you would like to add auto-sign on a single repository, remove --global from command
    $ git config --global user.signingkey E870EE00B5D90537
    $ git config --global commit.gpgsign true
  • Set up Git to use a custom GPG program:
    $ git config --global gpg.program "/c/Program Files (x86)/GnuPG/bin/gpg.exe"
  • Optional: try disable TTY if you have problems with making auto-signed commits from your IDE or other software
    $ echo 'no-tty' >> ~/.gnupg/gpg.conf
    In my specific case, this point was mandatory.

Usage

Simple press "Commit" button on your favorite IDE, you see a simple window that ask your key password!

Remember that GPG4Win install also a GPG agent, that remember your password for a limited times (I think 30 minutes) by default, so you don't have to enter your password every time!! (IMHO there is a setting for change it, but I haven't search it yet).

That's all!

@sgeto

This comment has been minimized.

Copy link

@sgeto sgeto commented Feb 21, 2018

So I don't know why, but this worked. Thx!

@heather-lott-cotiviti

This comment has been minimized.

Copy link

@heather-lott-cotiviti heather-lott-cotiviti commented Aug 14, 2018

This works from command line (Git Bash), but not from Eclipse. I verified that the configuration shows correctly in Eclipse (Preferences->Team->Git->Configuration shows commit.gpgsign, gpg.program, user.signingKey). Command line correctly prompts for passphrase and commit shows as Verified on github. Commits from Eclipse do not prompt for the passphrase and do not show as Verified on github. Very well-written instructions, however!

@goxr3plus

This comment has been minimized.

Copy link

@goxr3plus goxr3plus commented Aug 23, 2018

@sgeto lol

@vaibhavhrt

This comment has been minimized.

Copy link

@vaibhavhrt vaibhavhrt commented Aug 30, 2018

thanks works for me in vs code n github desktop without last optional step

@davidmurdoch

This comment has been minimized.

Copy link

@davidmurdoch davidmurdoch commented Sep 26, 2018

Followed instructions perfectly. Doesn't work for me on a fresh Windows 10 Pro install using Github Desktop. Errors with:

Commit failed - exit code 128 received, with output: 'gpg: skipped "AC7C0362CB60AB03": No secret key
gpg: signing failed: No secret key
error: gpg failed to sign the data
fatal: failed to write commit object'

The only thing I can think of is that I only installed GnuPG from GPG4Win because I thought it was the only part that was relevant.

@davidmurdoch

This comment has been minimized.

Copy link

@davidmurdoch davidmurdoch commented Sep 27, 2018

I figured out my issue. I was using Git Bash instead of cmd.exe or PowerShell. This was using a different gpg which was putting the GPG keys in a location that /c/Program Files (x86)/GnuPG/bin/gpg.exe didn't know about. All I had to do was change

$ git config --global gpg.program "/c/Program Files (x86)/GnuPG/bin/gpg.exe"

to

$ git config --global gpg.program "/c/Program Files/Git/usr/bin/gpg.exe"

and everything worked. I've uninstalled GPG4Win as it seems that it wasn't actually needed.

My version of git is now 2.19.0.windows.1, and gpg is 2.2.9-unknown

@harleyday

This comment has been minimized.

Copy link

@harleyday harleyday commented Oct 17, 2018

Thanks! I needed the line

git config --global gpg.program "/c/Program Files (x86)/GnuPG/bin/gpg.exe"

though I had to change it to:

git config --global gpg.program "C:\Program Files (x86)\GnuPG\bin\gpg.exe"

maybe because I was using PowerShell rather than Git Bash.

@PHPirates

This comment has been minimized.

Copy link

@PHPirates PHPirates commented Oct 27, 2018

Note that git now comes with gpg2, which can make things easier.

PS I have written down some steps in which some of the issues mentioned are addressed, see here

@kcomain

This comment has been minimized.

Copy link

@kcomain kcomain commented Apr 10, 2019

it worked! thanks. the official document didnt work so well

@mfpopa

This comment has been minimized.

Copy link

@mfpopa mfpopa commented Aug 15, 2019

Both Git and GPG are in the PATH system variable, so I used PowerShell on Windows 10 to set this up. Worked like a charm. Thanks!

@yegordovganich

This comment has been minimized.

Copy link

@yegordovganich yegordovganich commented Nov 15, 2019

git config --global gpg.program "/c/Program Files/Git/usr/bin/gpg.exe"

I figured out my issue. I was using Git Bash instead of cmd.exe or PowerShell. This was using a different gpg which was putting the GPG keys in a location that /c/Program Files (x86)/GnuPG/bin/gpg.exe didn't know about. All I had to do was change

$ git config --global gpg.program "/c/Program Files (x86)/GnuPG/bin/gpg.exe"

to

$ git config --global gpg.program "/c/Program Files/Git/usr/bin/gpg.exe"

and everything worked. I've uninstalled GPG4Win as it seems that it wasn't actually needed.

My version of git is now 2.19.0.windows.1, and gpg is 2.2.9-unknown

Thx man!

@ChristianoKiss

This comment has been minimized.

Copy link

@ChristianoKiss ChristianoKiss commented Nov 29, 2019

I figured out my issue. I was using Git Bash instead of cmd.exe or PowerShell. This was using a different gpg which was putting the GPG keys in a location that /c/Program Files (x86)/GnuPG/bin/gpg.exe didn't know about. All I had to do was change

$ git config --global gpg.program "/c/Program Files (x86)/GnuPG/bin/gpg.exe"

to

$ git config --global gpg.program "/c/Program Files/Git/usr/bin/gpg.exe"

and everything worked. I've uninstalled GPG4Win as it seems that it wasn't actually needed.

My version of git is now 2.19.0.windows.1, and gpg is 2.2.9-unknown

Yep, this was also my problem. If you manually install GPG command line tools, you end up having two gpg.exe inside git-bash.exe. This can be verified by typing where gpg inside Git Bash. Cheers, mate!

@MortonSykes1

This comment has been minimized.

Copy link

@MortonSykes1 MortonSykes1 commented Dec 2, 2019

I figured out my issue. I was using Git Bash instead of cmd.exe or PowerShell. This was using a different gpg which was putting the GPG keys in a location that /c/Program Files (x86)/GnuPG/bin/gpg.exe didn't know about. All I had to do was change
$ git config --global gpg.program "/c/Program Files (x86)/GnuPG/bin/gpg.exe"
to
$ git config --global gpg.program "/c/Program Files/Git/usr/bin/gpg.exe"
and everything worked. I've uninstalled GPG4Win as it seems that it wasn't actually needed.
My version of git is now 2.19.0.windows.1, and gpg is 2.2.9-unknown

Yep, this was also my problem. If you manually install GPG command line tools, you end up having two gpg.exe inside git-bash.exe. This can be verified by typing where gpg inside Git Bash. Cheers, mate!

THISS x 1000000 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

THANK YOU!!!! - Windows 10 , Followed GitHub Instuctions, Got Wrecked before this helpfull post. Thanks!!

@MuhammadFariMadyan

This comment has been minimized.

Copy link

@MuhammadFariMadyan MuhammadFariMadyan commented Feb 7, 2020

Thanks Bro, Success On My Windows 10 Home.
My Config for error 'cannot spawn gpg2 : No such file or directory' :

git config --global gpg.program "C:\Program Files (x86)\GnuPG\bin\gpg.exe"

or we can store this config to "environtment system variables" and use this config :

git config --global gpg.program "gpg"
@baliestri

This comment has been minimized.

Copy link

@baliestri baliestri commented May 5, 2020

It worked!!! Thank you!

@ridays2001

This comment has been minimized.

Copy link

@ridays2001 ridays2001 commented Jul 22, 2020

Thank you so much. It worked perfectly.

The installation of GPG4Win installed 3 different components to my PC. I would like to know which ones are important and which ones are not. I have Kleopatra, GPA and Gnu Privacy Guard.

@boris-nekezov

This comment has been minimized.

Copy link

@boris-nekezov boris-nekezov commented Oct 19, 2020

git config --global gpg.program "/c/Program Files/Git/usr/bin/gpg.exe"

Thanks @davidmurdoch man when I chanded the path like this it worked for me!

@danoli3

This comment has been minimized.

Copy link

@danoli3 danoli3 commented Nov 4, 2020

I just had to uninstall the second GPG key install and update and use the Git embedded version to work in Git Bash and SourceTree Windows

Uninstalled GnuPG:
C:/Program Files (x86)/GnuPG/bin/gpg.exe"

Updated Git/Git-Bash:
https://git-scm.com/downloads

Running this command:
where gpg

@sergeyklay

This comment has been minimized.

Copy link

@sergeyklay sergeyklay commented Nov 6, 2020

I just had to uninstall the second GPG key install and update and use the Git embedded version to work in Git Bash and SourceTree Windows

Actually, if you use a native command shell (or PowerShell), you don't need to use embedded GnuPG, as well as Git Bash

@dilipvijjapu

This comment has been minimized.

Copy link

@dilipvijjapu dilipvijjapu commented Mar 8, 2021

When I am trying to generate a new key I am the following error
gpg: Sorry, no terminal at all requested - can't get input
can anyone help me out to solve this issue

@BernardoB95

This comment has been minimized.

Copy link

@BernardoB95 BernardoB95 commented Mar 12, 2021

Im trying to make it work on Pycharm, however it still displays the same error message.

Commit failed with error
0 file committed, 1 file failed to commit: Block D Factories created, pending implementation - TESTE
gpg: skipped "USERNAME ": No secret key
gpg: signing failed: No secret key
gpg failed to sign the data
failed to write commit object

This is my local .gitconfig file. Anyone with the same issue?
image

@polyglotdev

This comment has been minimized.

Copy link

@polyglotdev polyglotdev commented Apr 9, 2021

everything worked fine until you had to tell git here the exe was for gpg. The command I used instead was:
git config --global gpg.program "C:\Program Files (x86)\GnuPG\bin\gpg.exe"

@informatika3052

This comment has been minimized.

Copy link

@informatika3052 informatika3052 commented Apr 21, 2021

thank you full , i am worked git config --global gpg.program "C:\Program Files\GnuPG\bin\gpg.exe"

@dsoyolo

This comment has been minimized.

Copy link

@dsoyolo dsoyolo commented May 21, 2021

everything worked fine until you had to tell git here the exe was for gpg. The command I used instead was:
git config --global gpg.program "C:\Program Files (x86)\GnuPG\bin\gpg.exe"

This was my issue as well. Got it working, thanks!

@NirajanWEB

This comment has been minimized.

Copy link

@NirajanWEB NirajanWEB commented Jun 3, 2021

Follow the below url to setup signed commit https://help.github.com/en/articles/telling-git-about-your-signing-key

if still getting gpg failed to sign the data fatal: failed to write commit object

this is not issue with git ,this is with GPG follow below steps

  1. gpg --version

  2. echo "test" | gpg --clearsign

if it is showing:

gpg: signing failed: Inappropriate ioctl for device
gpg: [stdin]: clear-sign failed: Inappropriate ioctl for device
  1. then use export GPG_TTY=$(tty)

  2. then try again echo "test" | gpg --clearsign in which PGP signature is.

Output:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

test
-----BEGIN PGP SIGNATURE-----

iLMEAQEKAB0WIQS2V0SFHi18psvDbo7uFF+LP7qc1gUCYLjB2QAKCRDuFF+LP7qc
1r5LBACB1m3Lpl21379qAvVamWcn9isdgdg34t34t43t34t34t434yGQHqikxWL7A5
Ls7giKZYscb30o0rkY6I1W9MjBBW96R2pnaYsioFpsf434dfg54rfdgfdgdfgdfpaIoU3k
JKrYxR7yMjqUv0a2jE+97kh+bSuzqwIkMHyikbABI90lY+4OLw==
=UHKx
-----END PGP SIGNATURE-----
  1. git config -l | grep gpg

Output:

commit.gpgsign=true
gpg.program=gpg
tag.gpgsign=true
  1. apply git commit -S -m "initial commit 🚀🚀🚀🚀"
  2. or git config --global commit.gpgsign true

https://stackoverflow.com/questions/39494631/gpg-failed-to-sign-the-data-fatal-failed-to-write-commit-object-git-2-10-0/55993078#55993078

@jnthmota

This comment has been minimized.

Copy link

@jnthmota jnthmota commented Jun 7, 2021

Thank so much!
I changed
git config --global gpg.program "/c/Program Files (x86)/GnuPG/bin/gpg.exe"
to
git config --global gpg.program "C:\Program Files (x86)\GnuPG\bin\gpg.exe"

on windows

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment