@paolocarrasco
Last active February 10, 2025 15:41
How to understand the `gpg failed to sign the data` problem in git

Problem

You installed GPG, tried to commit, and got this error message:

```
error: gpg failed to sign the data
fatal: failed to write commit object
```

Debug

To understand what's going on, first check what git is doing: add `GIT_TRACE=1` at the beginning of the command you ran (`git commit` or `git rebase`):

```
GIT_TRACE=1 git commit
```

The trace shows the GPG command that git runs. You will probably see something like this:

```
10:37:22.346480 run-command.c:637       trace: run_command: gpg --status-fd=2 -bsau <your GPG key>
```

(Check that your GPG key is correct.)

Run that gpg command again on the command line:

```
gpg --status-fd=2 -bsau <your GPG key>
```

👆🏻 Now you can see in detail what happened!

Solutions

Many things can go wrong; these are the ones I found:

  1. The GPG key may have expired: https://stackoverflow.com/a/47561300/532912

  2. The secret key may not be set properly (in my case the message said `gpg: signing failed: No secret key`, as can be seen in the image below). [image] It means that GPG is not finding the key that was set. You need to set up the GPG key in Git (again):

    • List the secret keys available in GPG: `gpg --list-secret-keys --keyid-format=long`
    • Copy your key
    • Set your key for your user in git: `git config --global user.signingkey <your key>`

  3. Another popular solution that could help was shared here by @NirajanMahara: https://gist.github.com/paolocarrasco/18ca8fe6e63490ae1be23e84a7039374?permalink_comment_id=3767413#gistcomment-3767413

  4. The thread of this gist has other ways to solve other problems. I recommend reading the GitHub guide for signing commits with GPG.

Hope it helps!
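
The debug step above, automated as an added example (not part of the original gist): a POSIX shell function that reads the output of `gpg --status-fd=2 -bsau <your GPG key>` and maps it to the causes listed here. The function names are hypothetical, the sample input is constructed, and the `INV_SGNR` reason codes and the `KEYEXPIRED` keyword come from GnuPG's doc/DETAILS rather than from this page.

```sh
#!/bin/sh
# Added example, not from the gist. Function names are hypothetical.
# Real use: echo test | gpg --status-fd=2 -bsau <your GPG key> 2>&1 >/dev/null | diagnose_gpg_output

# INV_SGNR reason codes as listed in GnuPG's doc/DETAILS (subset).
inv_sgnr_reason() {
  case "$1" in
    1) echo "key not found" ;;
    3) echo "wrong key usage" ;;
    4) echo "key revoked" ;;
    5) echo "key expired" ;;
    9) echo "not a secret key" ;;
    13) echo "key disabled" ;;
    *) echo "reason code $1" ;;
  esac
}

# Emit one hint per recognised line of gpg output read from stdin.
scan_gpg_lines() {
  while IFS= read -r line; do
    case "$line" in
      "[GNUPG:] INV_SGNR "*)
        rest=${line#"[GNUPG:] INV_SGNR "}   # leaves "<reason> <key id>"
        echo "signer ${rest#* }: $(inv_sgnr_reason "${rest%% *}") (check: git config --show-origin --get user.signingkey)" ;;
      "[GNUPG:] KEYEXPIRED "*)
        echo "key expired: extend the expiry or switch user.signingkey" ;;
      *"Inappropriate ioctl for device"*)
        echo 'pinentry has no usable terminal: export GPG_TTY=$(tty)' ;;
    esac
  done
}

# Print de-duplicated hints; return 1 when nothing on the page's list matched.
diagnose_gpg_output() {
  out=$(scan_gpg_lines | awk '!seen[$0]++')
  if [ -n "$out" ]; then
    printf '%s\n' "$out"
  else
    echo "no known cause matched"
    return 1
  fi
}

# Constructed sample input covering two failures at once.
printf '%s\n' \
  '[GNUPG:] INV_SGNR 9 FEDCBA' \
  'gpg: signing failed: Inappropriate ioctl for device' \
  'gpg: signing failed: Inappropriate ioctl for device' | diagnose_gpg_output
```

The `--show-origin` hint prints the file that supplies `user.signingkey`, which exposes a repository-local value overriding the global one.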

@shink

shink commented May 20, 2024

@NirajanMahara Thanks so much! It works for me.

@ksuderman

After upgrading my OSX to Monterey it stopped working without reason. The GIT_TRACE didn't help too much because everything was correctly set. In the end I reinstalled the GPG Suite via brew with the command `brew reinstall --cask gpg-suite` and it fixed the issue.

Thanks @tmoreira2020 after trying all the other solutions Google led me to, this is the one that worked for me.

@MdSadiqMd

This had worked for me
delete the .gnupg folder

rm -rf ~/.gnupg/

and again generate the keys with

gpg --full-generate-key

@jlschrag

I ran into this issue because I had a repo holding onto an expired local key, while I was trying to use a global key. So, even though I had run `git config --global user.signingkey ABCDE`, it wasn't using key ABCDE. If I ran GIT_TRACE as described above, then pulled out the `gpg2 --status-fd=2 -bsau FEDCBA` & ran it separately, I would get

gpg: skipped "FEDCBA": No secret key

[GNUPG:] INV_SGNR 9 FEDCBA

[GNUPG:] FAILURE sign 17

Confirmed the repo was referencing the expired key by running `git config --get user.signingkey`. Fix was to run `git config --unset user.signingkey`, which removed the local key. Thereafter, the repo used the global key (ABCDE).

@tucq88

tucq88 commented Jul 22, 2024

On MacOS, I have to install pinentry-mac to enter passphrase

brew install pinentry-mac
echo "pinentry-program $(which pinentry-mac)" >> ~/.gnupg/gpg-agent.conf
killall gpg-agent

This is the true solution 👍

This worked for me as well. Thanks @bdangeb6tp !!

Still works in July 2024

@jonathanlbt1

git config --global gpg.program 'C:\Program Files (x86)\GnuPG\bin\gpg.exe'

Thank you for your help! It worked for me!

@vinicius-oa

After upgrading my OSX to Monterey it stopped working without reason. The GIT_TRACE didn't help too much because everything was correctly set. In the end I reinstalled the GPG Suite via brew with the command `brew reinstall --cask gpg-suite` and it fixed the issue.

Doing this resolved my issue. Thanks!

That helped me, thanks!

@barraIhsan

If you're on WSL2, maybe this can help:

* Add those lines to `~/.gnupg/gpg.conf`
  ```
  use-agent 
  pinentry-mode loopback
  ```

* Add this line to `~/.gnupg/gpg-agent.conf`
  ```
  allow-loopback-pinentry
  ```

OMG tysm, I literally had no idea why gpg just froze and I had to wait like 5 minutes for it to prompt for the passphrase, which sometimes was even broken (I typed it correctly but it still said incorrect). TYSM

@weskoerber

In my case, the error was caused because I wrote the config line as signkey instead of signingkey...

@aali309

aali309 commented Sep 12, 2024

If you're on WSL2, maybe this can help:

  • Add those lines to ~/.gnupg/gpg.conf
    use-agent 
    pinentry-mode loopback
    
  • Add this line to ~/.gnupg/gpg-agent.conf
    allow-loopback-pinentry
    

This worked for me after trying all methods to resolve with m3 chip

below was my error when signing commits


14:40:24.528193 exec-cmd.c:139          trace: resolved executable path from Darwin stack: /Library/Developer/CommandLineTools/usr/bin/git
14:40:24.528684 exec-cmd.c:238          trace: resolved executable dir: /Library/Developer/CommandLineTools/usr/bin
14:40:24.529477 git.c:460               trace: built-in: git commit -S -m 'signed commit'
14:40:24.533313 run-command.c:655       trace: run_command: gpg --status-fd=2 -bsau <gpgKey>
error: gpg failed to sign the data
fatal: failed to write commit object

@ijkeleher-anz

On MacOS, I have to install pinentry-mac to enter passphrase

brew install pinentry-mac
echo "pinentry-program $(which pinentry-mac)" >> ~/.gnupg/gpg-agent.conf
killall gpg-agent

Thanks for this!

10th-Jan-2024; Still works (mac m1)

And still working in September 2024, cheers!

@kyteidev

kyteidev commented Oct 2, 2024

On MacOS, I have to install pinentry-mac to enter passphrase

brew install pinentry-mac
echo "pinentry-program $(which pinentry-mac)" >> ~/.gnupg/gpg-agent.conf
killall gpg-agent

Thanks for this!
10th-Jan-2024; Still works (mac m1)

And still working in September 2024, cheers!

also works for me

@peachey-nhs

git config --unset user.signingkey

Worked for me. Thanks!

@mochadwi

mochadwi commented Oct 9, 2024

On MacOS, I have to install pinentry-mac to enter passphrase

brew install pinentry-mac
echo "pinentry-program $(which pinentry-mac)" >> ~/.gnupg/gpg-agent.conf
killall gpg-agent

thanks for this!

@awatson32

On MacOS, I have to install pinentry-mac to enter passphrase

brew install pinentry-mac
echo "pinentry-program $(which pinentry-mac)" >> ~/.gnupg/gpg-agent.conf
killall gpg-agent

Well over a year later and this solved the problem for me!

@chrismejia

What worked for me was slightly different than brew install pinentry-mac

I instead used reinstall since it was already installed.

brew reinstall pinentry-mac
echo "pinentry-program $(which pinentry-mac)" >> ~/.gnupg/gpg-agent.conf
killall gpg-agent

Just encountered this issue as well; this worked for me. 👍 Thank you!

@sultanovich

Thanks @paolocarrasco, your recommendation on how to get the error message allowed me to solve this problem.

Environment

Distributor ID: Debian
Description:    Debian GNU/Linux 12 (bookworm)
Release:        12
Codename:       bookworm
$ git --version
git version 2.39.5

$ gpg --version | head -n3
gpg (GnuPG) 2.2.40
libgcrypt 1.10.1
Copyright (C) 2022 g10 Code GmbH

Problem

When I tried to send a change to my working branch I got the error described in the first comment. Including the debug I see the following:

$ GIT_TRACE=1 git commit -m "fix(servers): test fix 2859"
15:04:28.454825 git.c:460               trace: built-in: git commit -m 'fix(servers): test fix 2859'
15:04:28.471940 run-command.c:655       trace: run_command: gpg --status-fd=2 -bsau 6F5xxxx07
error: gpg failed to sign the data
fatal: failed to write commit object
$ echo "test" |  gpg --status-fd=2 -bsau 6F5xxxx07
[GNUPG:] KEY_CONSIDERED 7CE67A6AAC81CD865BC779D36F5xxxx07 2
[GNUPG:] BEGIN_SIGNING H10
[GNUPG:] PINENTRY_LAUNCHED 1798 curses 1.2.1 - xterm-256color - - 1000/1000 -
gpg: signing failed: Inappropriate ioctl for device
[GNUPG:] FAILURE sign 83918950
gpg: signing failed: Inappropriate ioctl for device

Solution

In my case, setting the pinentry value in the gpg-agent didn't work. But forcing the GPG_TTY variable to have the correct value without having to install additional packages did. The error probably occurs in this environment because it is a reduced installation without a graphical environment. I have not had errors like this before in Debian.

$ apt list --installed 2>/dev/null| grep pinentry
pinentry-curses/stable,now 1.2.1-1 amd64 [installed]
pinentry-tty/stable,now 1.2.1-1 amd64 [installed]

Therefore, the solution was to set the GPG_TTY variable and force it to be exported in new sessions.

$ export GPG_TTY=$(tty)
$ echo 'export GPG_TTY=$(tty)' >> ~/.bashrc

@Daxtor134

On MacOS, I have to install pinentry-mac to enter passphrase

brew install pinentry-mac
echo "pinentry-program $(which pinentry-mac)" >> ~/.gnupg/gpg-agent.conf
killall gpg-agent

This is the true solution 👍

Thank you. I have been looking for a good solution, installed pinentry-mac from Brew but then got lost on why it wouldn't work lol.

@standiki

standiki commented Feb 2, 2025

If this was your error:

error: gpg failed to sign the data
fatal: failed to write commit object

Enabling a PIN or passphrase should solve your problem. Use the link below and scroll down to option number: 8, for the instructions on how to enable a PIN or passphrase. Thank you

https://docs.github.com/en/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key

@2oji

2oji commented Feb 10, 2025

I have followed below steps to make it work.

displaying-verification-statuses

gpg --version
gpg (GnuPG) 2.2.4
libgcrypt 1.8.1

Generating a new GPG key

gpg --full-generate-key

  1. Enter kind of key
  2. Enter key size
  3. Enter validity time as 1w
  4. Enter Any name
  5. Enter email id of git config --local user.email
  6. Enter passphrase.

Show keys

gpg --list-secret-keys --keyid-format=long

gpg --armor --export 57F4FA608D45BAB9 add this in Github account

git config --global --unset gpg.format

git config --global user.signingkey 57F4FA608D45BAB9

Below command shows error

GIT_TRACE=1 git commit -S -m "New"
20:12:12.634411 git.c:344               trace: built-in: git commit -S -m New
20:12:12.635410 run-command.c:646       trace: run_command: gpg --status-fd=2 -bsau 57F4FA608D45BAB9
error: gpg failed to sign the data
fatal: failed to write commit object

It stuck here

gpg --status-fd=2 -bsau 57F4FA608D45BAB9
[GNUPG:] KEY_CONSIDERED ECC43CBF86A5676302D329A157F4FA608D45BAB9 2
[GNUPG:] BEGIN_SIGNING H10

Error

echo "test" | gpg --clearsign
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

test
gpg: signing failed: Inappropriate ioctl for device
gpg: [stdin]: clear-sign failed: Inappropriate ioctl for device

`export GPG_TTY=$(tty)` It makes it work.

PASS
echo "test" | gpg --clearsign

gpg --list-secret-keys --keyid-format=long
gpg --full-generate-key
gpg --list-secret-keys --keyid-format=long
gpg --armor --export 4345F02F0FDBDC48
git config --global user.signingkey 4345F02F0FDBDC48!
echo "test" | gpg --clearsign
GIT_TRACE=1 git commit -S -m "new GPG key"
