@paolocarrasco
Last active July 12, 2024 06:55
How to understand the `gpg failed to sign the data` problem in git

Problem

You have installed GPG, then tried to commit, and suddenly you see this error message:

error: gpg failed to sign the data
fatal: failed to write commit object

Debug

To understand what's going on, first check what Git is doing: add GIT_TRACE=1 at the beginning of the command you ran before (git commit or git rebase):

GIT_TRACE=1 git commit

The trace shows the gpg command that Git runs. You will probably see something like this:

10:37:22.346480 run-command.c:637       trace: run_command: gpg --status-fd=2 -bsau <your GPG key>

(Check if your GPG key is correct)

Execute that gpg command again in the command line:

gpg --status-fd=2 -bsau <your GPG key>

👆🏻 Now you can see what happened in detail!
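
The debugging steps above end with reading gpg's status output. As an added example (not part of the original gist), this script classifies the `[GNUPG:]` status lines and maps each result to a remedy discussed on this page; the function names and labels are hypothetical, and the third sample input is constructed.

```shell
#!/bin/sh
# Added example, not from the gist: classify the status lines captured with
#   gpg --status-fd=2 -bsau <your GPG key> 2>status.txt
# INV_SGNR reason codes (GnuPG doc/DETAILS): 1 not found, 4 revoked,
# 5 expired, 9 not a secret key.
diagnose_gpg_status() {   # stdin: gpg output; stdout: one label
    awk '
        $1 != "[GNUPG:]"      { next }            # skip human-readable lines
        $2 == "SIG_CREATED"   { created = 1 }
        $2 == "BEGIN_SIGNING" { began = 1 }
        $2 == "KEYEXPIRED"    { expired = 1 }
        $2 == "INV_SGNR"      { reason = $3 + 0; bad = 1 }
        $2 == "FAILURE"       { failed = 1 }
        END {
            if (created)                              print "ok"
            else if (expired || (bad && reason == 5)) print "key-expired"
            else if (bad && reason == 4)              print "key-revoked"
            else if (bad && (reason == 1 || reason == 9)) print "no-secret-key"
            else if (began && !failed)                print "waiting-for-passphrase"
            else                                      print "unknown"
        }'
}

suggest_fix() {   # hypothetical helper: label -> remedy discussed on this page
    case "$1" in
        ok)            echo "signing works; retry the commit" ;;
        key-expired)   echo "extend the key's expiry or configure a valid key" ;;
        key-revoked)   echo "configure a key that is not revoked" ;;
        no-secret-key) echo "compare user.signingkey with gpg --list-secret-keys --keyid-format=long" ;;
        waiting-for-passphrase) echo "gpg could not prompt; check pinentry and gpg-agent" ;;
        *)             echo "read the full gpg output" ;;
    esac
}

# Sample inputs: the first two reuse status lines quoted in comments on this
# page, the third is constructed.
SAMPLE_NO_KEY='gpg: skipped "FEDCBA": No secret key
[GNUPG:] INV_SGNR 9 FEDCBA
[GNUPG:] FAILURE sign 17'
SAMPLE_STALLED='[GNUPG:] KEY_CONSIDERED E4C9A7533D31D43B288E162FF93581548CDBCCB7 2
[GNUPG:] BEGIN_SIGNING H10'
SAMPLE_EXPIRED='[GNUPG:] KEYEXPIRED 1700000000
[GNUPG:] INV_SGNR 9 FEDCBA
[GNUPG:] FAILURE sign 54'

for s in "$SAMPLE_NO_KEY" "$SAMPLE_STALLED" "$SAMPLE_EXPIRED"; do
    d=$(printf '%s\n' "$s" | diagnose_gpg_status)
    printf '%s: %s\n' "$d" "$(suggest_fix "$d")"
done
```

A capture that stops at BEGIN_SIGNING with neither SIG_CREATED nor FAILURE is reported as waiting-for-passphrase because gpg never finished; that is the usual symptom when no pinentry can be shown.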

Solutions

There can be many causes; these are the ones I found:

  1. The GPG key may have expired: https://stackoverflow.com/a/47561300/532912

  2. The secret key may not be set properly (in my case the message said gpg: signing failed: No secret key, as can be seen in the image below). [image] This means gpg cannot find the key that was configured. You need to set up the GPG key in Git (again):

    • List the secret keys available in GPG.
    gpg --list-secret-keys --keyid-format=long
    • Copy your key
    • Set your key for your user in git
    git config --global user.signingkey <your key>
  3. Another popular solution that could help was shared here by @NirajanMahara: https://gist.github.com/paolocarrasco/18ca8fe6e63490ae1be23e84a7039374?permalink_comment_id=3767413#gistcomment-3767413

  4. The thread of this gist shows ways to solve other problems. I recommend reading the GitHub guide for signing commits with GPG.

Hope it helps!

@Pablo-pixtm-365

Pablo-pixtm-365 commented Dec 13, 2023

I tried different solutions:

1.- Change the path in "git config --global gpg.program"
2.- See if there were any misspelled variables
3.- echo "test" | gpg --clearsign

But they didn't work.

Finally, the solution was to run:

git config --global gpg.program gpg

if you use gpg2, change gpg for gpg2

I hope this solution works for you

@scotteg

scotteg commented Dec 25, 2023

After upgrading my OSX to Monterey it stopped working without reason. The GIT_TRACE didn't help too much because everything was correctly set. In the end I reinstalled the GPG Suite via brew with the command brew reinstall --cask gpg-suite and it fixed the issue.

Doing this resolved my issue. Thanks!

@JorgeNachtigall

If you're on WSL2, maybe this can help:

  • Add those lines to ~/.gnupg/gpg.conf
    use-agent 
    pinentry-mode loopback
    
  • Add this line to ~/.gnupg/gpg-agent.conf
    allow-loopback-pinentry
    

GOAT, it worked

@EfrainOlivaresEv

🙏
Saved me lots more time after spending a bunch of time debugging ...

@EvieePy

EvieePy commented Jan 3, 2024

After spending hours debugging this, the problem was that I was using single quotes for this command, E.g:
git config --global gpg.program 'C:\Program Files (x86)\GnuPG\bin\gpg.exe'

Instead of double quotes, like so:
git config --global gpg.program "C:\Program Files (x86)\GnuPG\bin\gpg.exe"

Thanks for the help though!

@SelinaRaynor

Thanks for helping me out :)

@syedamanat

syedamanat commented Jan 10, 2024

On MacOS, I have to install pinentry-mac to enter passphrase

brew install pinentry-mac
echo "pinentry-program $(which pinentry-mac)" >> ~/.gnupg/gpg-agent.conf
killall gpg-agent

Thanks for this!

10th-Jan-2024; Still works (mac m1)

@Jphn

Jphn commented Jan 11, 2024

Thanks man, it worked for me!

@adriguerra

My issue was that I had added the PGP key with my email, while my commits on the repo were signed with my GitHub-provided noreply email address.

To solve this issue, I had to run gpg --edit-key [your key] followed by gpg> adduid to add the second email address.

https://docs.github.com/en/authentication/managing-commit-signature-verification/associating-an-email-with-your-gpg-key

@HimangshuDe

HimangshuDe commented Feb 17, 2024

Hello Devs,
Since I am a newcomer to git and GitHub, I have also faced the same problem. Let me state that in detail below.

Problems I have faced:

  1. I have installed git and have generated ssh-key from there and added it to my GitHub account. It worked.

  2. I have installed GPG program for adding GPG key into my account and added to git thereafter. I did all the necessary steps. Added that into my account. Worked fine.

  3. Now whenever I commit any changes, I get that error.

Solution: [Worked in my case]

Since I am on a Windows system, I did the following steps that resolved my problem.

  1. Run "Windows Powershell" in admin mode.

  2. Then I set the Execution Policy to AllSigned through this command Set-ExecutionPolicy AllSigned. After that press A and hit Enter.

  3. Then I regenerated the GPG key and added that to git and also in my GitHub account.

  4. I went ahead and did the commit, it worked fine!

My System Details:

  1. Windows 10 Pro v22H2 [Activated]
  2. Intel i5-3570K CPU Quad Core (Ivy Bridge codename)
  3. 8GB installed DDR3 RAM

Hope you may find this useful!

Regards!
Happy Coding

@usoro007

@NirajanMahara
You saved the day and allowed me to get some rest! Thank you!

@danielfromCL

Thanks for the help, worked for me! 🙌

@BakiVernes

GOAT 🐐

@Impa10r

Impa10r commented Mar 24, 2024

gpg --status-fd=2 -bsau F93581548CDBCCB7
[GNUPG:] KEY_CONSIDERED E4C9A7533D31D43B288E162FF93581548CDBCCB7 2
[GNUPG:] BEGIN_SIGNING H10

and it just hangs there.

Hello, did you find the solution? It obviously waits for the password. I am on Ubuntu and I had the same problem when creating the key, used some tricks from here. But now am stuck when trying to use the key for the first time. Can't believe this is so hard to do.

@hu-qi

hu-qi commented Mar 24, 2024

I tried different solutions:

1.- Change the path in "git config --global gpg.program"
2.- See if there were any misspelled variables
3.- echo "test" | gpg --clearsign

But they didn't work.

Finally, the solution was to run:

git config --global gpg.program gpg

if you use gpg2, change gpg for gpg2

I hope this solution works for you

Thanks, It worked for me!

@zrajeev

zrajeev commented Mar 25, 2024

On MacOS, I have to install pinentry-mac to enter passphrase

brew install pinentry-mac
echo "pinentry-program $(which pinentry-mac)" >> ~/.gnupg/gpg-agent.conf
killall gpg-agent

This is the true solution 👍

@bdangeb6tp

bdangeb6tp commented Mar 27, 2024

What worked for me was slightly different than brew install pinentry-mac

I instead used reinstall since it was already installed.

brew reinstall pinentry-mac
echo "pinentry-program $(which pinentry-mac)" >> ~/.gnupg/gpg-agent.conf
killall gpg-agent

@JordanUnderwood12

I was also having a similar problem, but now everything is good.

@Fuseteam

Fuseteam commented Apr 10, 2024

gpg --status-fd=2 -bsau F93581548CDBCCB7
[GNUPG:] KEY_CONSIDERED E4C9A7533D31D43B288E162FF93581548CDBCCB7 2
[GNUPG:] BEGIN_SIGNING H10

and it just hangs there.

Hello, did you find the solution? It obviously waits for the password. I am on Ubuntu and I had the same problem when creating the key, used some tricks from here. But now am stuck when trying to use the key for the first time. Can't believe this is so hard to do.

I also ran into this. I managed to work around it using @NirajanMahara's steps at https://gist.github.com/paolocarrasco/18ca8fe6e63490ae1be23e84a7039374?permalink_comment_id=3767413#gistcomment-3767413; by doing that it prompts for the password, after which it just works. I suppose there should be a way to configure gpg to prompt for a password properly.

@saadazghour

saadazghour commented Apr 10, 2024

I'm on Ubuntu. Thanks @NirajanMahara, it worked for me 👍

@MuhanguziDavid

On MacOS, I have to install pinentry-mac to enter passphrase

brew install pinentry-mac
echo "pinentry-program $(which pinentry-mac)" >> ~/.gnupg/gpg-agent.conf
killall gpg-agent

Thank you!

@robrakaric

My issue was that I had added the PGP key with my email, while my commits on the repo were signed with my GitHub-provided noreply email address.

To solve this issue, I had to run gpg --edit-key [your key] followed by gpg> adduid to add the second email address.

https://docs.github.com/en/authentication/managing-commit-signature-verification/associating-an-email-with-your-gpg-key

This worked for me! Thanks

@bitsector

On MacOS, I have to install pinentry-mac to enter passphrase

brew install pinentry-mac
echo "pinentry-program $(which pinentry-mac)" >> ~/.gnupg/gpg-agent.conf
killall gpg-agent

This is the true solution 👍

This worked for me as well. Thanks @bdangeb6tp !!

@shink

shink commented May 20, 2024

@NirajanMahara Thanks so much! It works for me.

@ksuderman

After upgrading my OSX to Monterey it stopped working without reason. The GIT_TRACE didn't help too much because everything was correctly set. In the end I reinstalled the GPG Suite via brew with the command brew reinstall --cask gpg-suite and it fixed the issue.

Thanks @tmoreira2020 after trying all the other solutions Google led me to, this is the one that worked for me.

@MdSadiqMd

This worked for me:
delete the .gnupg folder

rm -rf ~/.gnupg/

and again generate the keys with

gpg --full-generate-key

@jlschrag

I ran into this issue because I had a repo holding onto an expired local key, while I was trying to use a global key. So, even though I had run git config --global user.signingkey ABCDE, it wasn't using key ABCDE. If I ran GIT_TRACE as described above, then pulled out the gpg2 --status-fd=2 -bsau FEDCBA & ran it separately, I would get

gpg: skipped "FEDCBA": No secret key

[GNUPG:] INV_SGNR 9 FEDCBA

[GNUPG:] FAILURE sign 17

Confirmed the repo was referencing the expired key by running git config --get user.signingkey. Fix was to run git config --unset user.signingkey which removed the local key. Thereafter, the repo used the global key (ABCDE).
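
The situation in the comment above, a repository-local user.signingkey shadowing the global one, can be checked scope by scope. This is an added example, not code from the gist or its commenters; the function names are hypothetical, the key ids ABCDE and FEDCBA are the placeholders used in the comment, and the demo runs in a throwaway HOME and repository.

```shell
#!/bin/sh
# Added example: find which git config scope supplies user.signingkey.

# Prints "<scope> <key>" for the value git uses in repo $1 (default: cwd),
# or "unset". Precedence checked here: local, then global, then system.
effective_signingkey() {
    repo=${1:-.}
    for scope in local global system; do
        key=$(git -C "$repo" config "--$scope" --get user.signingkey 2>/dev/null) || continue
        printf '%s %s\n' "$scope" "$key"
        return 0
    done
    echo unset
}

# Reproduces the shadowing in a temporary HOME and repo, then applies the fix.
demo_shadowed_key() {
    tmp=$(mktemp -d) || return 1
    (
        HOME=$tmp; export HOME
        GIT_CONFIG_NOSYSTEM=1; export GIT_CONFIG_NOSYSTEM
        unset XDG_CONFIG_HOME GIT_CONFIG_GLOBAL
        git init -q "$tmp/repo"
        git config --global user.signingkey ABCDE
        git -C "$tmp/repo" config user.signingkey FEDCBA   # stale repo-local key
        effective_signingkey "$tmp/repo"                   # -> local FEDCBA
        git -C "$tmp/repo" config --unset user.signingkey  # the fix from the comment
        effective_signingkey "$tmp/repo"                   # -> global ABCDE
    )
    rm -rf "$tmp"
}

demo_shadowed_key
```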
