@ariesmcrae
Created March 31, 2024 05:17
Sign git commits with GPG


  1. For macOS, brew install gnupg

  2. Follow instructions here https://docs.gitlab.com/ee/user/project/repository/signed_commits/gpg.html

  3. Your .gitconfig should look like this:

[user]
  name = Aries McRae
  email = aries.mcrae@me.com
  signingkey = 30F2B65B9246B6CA
[commit]
  gpgsign = true
[gpg]
  program = gpg

Troubleshooting

Error when committing:

error: gpg failed to sign the data
fatal: failed to write commit object

Solution

Git is unable to access your GPG key to sign your commit.

  1. Check GPG Installation: Ensure that GPG is correctly installed on your system. You can verify this by running gpg --version in your terminal. If GPG is not installed, you'll need to install it.

  2. List GPG Keys: Verify that your GPG key exists and is correctly listed by running gpg --list-secret-keys --keyid-format LONG. This command should list the key with the ID 30F2B65B9246B6CA. If it's not listed, the issue might be that Git cannot find the correct GPG key for signing.

  3. Configure GPG Key in Git Correctly: Make sure that the key ID specified in your .gitconfig matches exactly with one of the keys listed by the gpg --list-secret-keys command. The key ID should be a 16-character (or sometimes longer) string.

  4. GPG TTY: Ensure that GPG can prompt for your passphrase by setting the GPG_TTY environment variable. Add the following line to your shell profile (.bashrc, .bash_profile, .zshrc, etc.):

  export GPG_TTY=$(tty)

After adding this line, restart your terminal or source your profile script with source ~/.zshrc (or equivalent for your shell).

  5. Git Configuration to Use GPG: Verify that Git is configured to use the correct GPG program. If you have both GPG1 (gpg) and GPG2 (gpg2) installed, ensure your .gitconfig points to the correct version. You can specify which GPG program Git should use with the following command:

    git config --global gpg.program gpg

    Adjust gpg to gpg2 if you're using GPG2.

  6. Check for GPG Agent Issues: Sometimes, the error can be caused by issues with the GPG agent, especially if it's not prompting for your passphrase. Try running a GPG command that requires a signature to see if you're prompted for a passphrase:

    echo "test" | gpg --clearsign

    If you're not prompted for a passphrase, there might be an issue with your GPG agent setup.

  7. Permissions Issue: Ensure that the permissions of your GPG keyring files are set correctly. They should be readable and writable only by you. Incorrect permissions can prevent GPG from accessing your keys.

If you've gone through these steps and the issue persists, it might be worth checking the specific error messages from GPG. You can make Git trace the commands it runs, including its call to gpg, by running:

GIT_TRACE=1 GIT_CURL_VERBOSE=1 git commit -m "Your commit message"

This command might provide more detailed error messages that can help pinpoint the issue.
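
The numbered checks in the Solution section can also be scripted. The following is an added example, not part of the original gist: the function names, the `run` argument and the sample listing are made up for illustration, and it reads `gpg --with-colons` output (the machine-readable listing) instead of `--keyid-format LONG`.

```shell
#!/bin/sh
# Added example (not from the gist): scripted versions of the Solution checks.

# Constructed sample of `gpg --list-secret-keys --with-colons` output; the
# fingerprint padding is made up, the key ID is the one from .gitconfig above.
SAMPLE_LISTING='sec:u:4096:1:30F2B65B9246B6CA:1711861020:::u:::scESC:::+:::23::0:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAA30F2B65B9246B6CA:'

# Succeeds if key ID or fingerprint $1 matches a secret key in the colon
# listing on stdin (field 5 of sec/ssb records, field 10 of fpr records).
key_in_listing() {
    want=$(printf '%s' "${1#0x}" | tr 'a-f' 'A-F')
    [ -n "$want" ] || return 1
    awk -F: -v want="$want" '
        $1 == "sec" || $1 == "ssb" { id = $5 }
        $1 == "fpr"                { id = $10 }
        length(id) >= length(want) &&
            substr(id, length(id) - length(want) + 1) == want { found = 1 }
        { id = "" }
        END { exit !found }'
}

# Succeeds if $1 has no group/other permission bits (e.g. mode 700 or 600).
private_perms() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

diagnose() {
    rc=0
    prog=$(git config --get gpg.program || echo gpg)     # program Git will call
    key=$(git config --get user.signingkey || true)      # key Git will ask for
    command -v "$prog" >/dev/null ||                     # GPG installation
        { echo "FAIL: $prog not found on PATH"; return 1; }
    "$prog" --list-secret-keys --with-colons 2>/dev/null |
        key_in_listing "$key" ||                         # key exists and matches
        { echo "FAIL: no secret key matches user.signingkey='$key'"; rc=1; }
    [ -n "${GPG_TTY:-}" ] ||                             # passphrase prompt needs a TTY
        { echo "FAIL: GPG_TTY is not set"; rc=1; }
    echo test | "$prog" --clearsign >/dev/null ||        # agent / pinentry
        { echo "FAIL: test signature failed"; rc=1; }
    private_perms "${GNUPGHOME:-$HOME/.gnupg}" ||        # keyring permissions
        { echo "FAIL: GnuPG home is accessible by group/other"; rc=1; }
    return "$rc"
}

# Run the live checks only when asked, e.g. `sh check.sh run`.
if [ "${1:-}" = "run" ]; then diagnose; fi
```
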
