Skip to content

Instantly share code, notes, and snippets.

@BoGnY
Last active November 13, 2024 22:02
Show Gist options
  • Save BoGnY/f9b1be6393234537c3e247f33e74094a to your computer and use it in GitHub Desktop.
Save BoGnY/f9b1be6393234537c3e247f33e74094a to your computer and use it in GitHub Desktop.
[WINDOWS] How to enable auto-signing Git commits with GnuPG for programs that don't support it natively

[WINDOWS] How to enable auto-signing Git commits with GnuPG for programs that don't support it natively

This is a step-by-step guide on how to enable auto-signing Git commits with GPG for every applications that don't support it natively (eg. GitHub Desktop, Eclipse, Git Tower, ...)

Requirements

  • Install GPG4Win: this software is a bundle with latest version of GnuPG v2, Kleopatra v3 certificate manager, GNU Privacy Assistant (GPA) v0.9 which is a GUI that uses GTK+, GpgOL and GpgEX that are respectively an extension for MS Outlook and an extension for Windows Explorer shell
  • Install Git for Windows: so you can have a *nix based shell, this software is a bundle with latest version of Git which use MINGW environment, a Git bash shell, a Git GUI and an extension for Windows Explorer shell (Make sure your local version of Git is at least 2.0, otherwise Git don't have support for automatically sign your commits)
  • Verify if Git was successfully installed with:
    $ git --version
    # git version 2.15.1.windows.2

Remember that Git for Windows install old 1.4.xx version of GnuPG (provided through MINGW environment), but this is irrelevant, as we are going to manually specify which GnuPG program our Git must be using (which is the GnuPG version installed by GPG4Win)!

Setup

  • Install your favorite IDE with Git support, like:
  • Generate your GPG keys: visit https://help.github.com/articles/generating-a-new-gpg-key/ for a completed and detailed instructions, or otherwise use Kleopatra manager (Notes: key size should be at least 2048 bits, but 4096 is better; key should probably not expire; and you can append multiple email addresses to your GPG key)
  • Verify installation of your key:
    $ gpg --list-secret-keys --keyid-format LONG
    # /c/Users/BoGnY/.gnupg/secring.gpg
    # ----------------------------------
    # sec   4096R/E870EE00B5D90537 2017-12-31 [expires: 2021-12-31]
    # uid                          John Smith <[email protected]>
    # ssb   4096R/F9E3E72EBBFDCFD6 2017-12-31
  • Generate your revocation certificate: this command create a .rev file, that is needed to revocate a public key shared in a key server.
    $ gpg --gen-revoke E870EE00B5D90537
  • Share your public key: this command will never send a private key!!!
    $ gpg --send-keys E870EE00B5D90537
  • Add public GPG key to GitHub: open https://github.com/settings/keys then click "New GPG key", paste your public key and click "Add GPG key"
  • Set up Git to auto-sign all commits: this change your global configuration of Git, if you would like to add auto-sign on a single repository, remove --global from command
    $ git config --global user.signingkey E870EE00B5D90537
    $ git config --global commit.gpgsign true
  • Set up Git to use a custom GPG program:
    $ git config --global gpg.program "/c/Program Files (x86)/GnuPG/bin/gpg.exe"
  • Optional: try disable TTY if you have problems with making auto-signed commits from your IDE or other software
    $ echo 'no-tty' >> ~/.gnupg/gpg.conf
    In my specific case, this point was mandatory.

Usage

Simple press "Commit" button on your favorite IDE, you see a simple window that ask your key password!

Remember that GPG4Win install also a GPG agent, that remember your password for a limited times (I think 30 minutes) by default, so you don't have to enter your password every time!! (IMHO there is a setting for change it, but I haven't search it yet).

That's all!

@noxifoxi
Copy link

Thank so much!
I changed
git config --global gpg.program "/c/Program Files (x86)/GnuPG/bin/gpg.exe"
to
git config --global gpg.program "C:\Program Files (x86)\GnuPG\bin\gpg.exe"

on windows

same.
Setting this config entry also was mandatory. I wasn't sure what issued the "git gpg skipped ... no secret key" error message, but now I know it was this line.

@Manik-khosla
Copy link

Thank you ! It worked for me.

@L32GIT
Copy link

L32GIT commented Dec 3, 2021

Couldn't get this to work even after reading all the comments.
I've posted a related question on https://stackoverflow.com/questions/70212042/eclipse-unable-to-find-a-gpg-key-for-signing-verify-through-eclipse

If it will be answered there, then it'll help those who still can't get this to work from Eclipse.

@exoosh
Copy link

exoosh commented Feb 15, 2022

When another GPG instance (same major version, though!) uses a different directory for the databases, you can always point them to the correct one using the GNUPGHOME environment variable.

Another way is to create a junction point or symbolic link from %USERPROFILE%\.gnupg to %USERPROFILE%\.gnupg, that is either (after moving the old %USERPROFILE%\.gnupg out of the way):

mklink /j "%USERPROFILE%\.gnupg" "%USERPROFILE%\.gnupg"

or (this requires to be run in an elevated prompt, unless the option to create symbolic links was enabled for the current user, e.g. via the Git for Windows installer):

mklink /d "%USERPROFILE%\.gnupg" "%USERPROFILE%\.gnupg"

From experience the respective files can live side by side peacefully. I have not heard of another location used by GnuPG flavors on Windows. But if they exist, you can always point them all to the same directory. However, keep in mind that 1.x and 2.x versions use different databases altogether, so this still doesn't iron out all issues.

@nnzv
Copy link

nnzv commented Aug 18, 2022

Great !

@rnmeow
Copy link

rnmeow commented Aug 27, 2022

Thx a lot and works.
ps. I use

git config --global gpg.program "C:\Program Files (x86)\GnuPG\bin\gpg.exe"

for Git-SCM.

@alejoriosm04
Copy link

alejoriosm04 commented Jan 2, 2023

I figured out my issue. I was using Git Bash instead of cmd.exe or PowerShell. This was using a different gpg which was putting the GPG keys in a location that /c/Program Files (x86)/GnuPG/bin/gpg.exe didn't know about. All I had to do was change

$ git config --global gpg.program "/c/Program Files (x86)/GnuPG/bin/gpg.exe"

to

$ git config --global gpg.program "/c/Program Files/Git/usr/bin/gpg.exe"

and everything worked. I've uninstalled GPG4Win as it seems that it wasn't actually needed.

My version of git is now 2.19.0.windows.1, and gpg is 2.2.9-unknown

Thank you so much! It works. However, if you continue having problems, repeat these steps again: Telling Git about your GPG key.

@iamwarning
Copy link

Thx a lot and works. ps. I use

git config --global gpg.program "C:\Program Files (x86)\GnuPG\bin\gpg.exe"

for Git-SCM.

Another alternative without quotes:

 git config --global gpg.program C:\PROGRA~2\GnuPG\bin\gpg.exe

@rnmeow
Copy link

rnmeow commented Feb 13, 2023

Another alternative without quotes:

 git config --global gpg.program C:\PROGRA~2\GnuPG\bin\gpg.exe

Thanks for the addition!

@exoosh
Copy link

exoosh commented Feb 14, 2023

Another alternative without quotes:

 git config --global gpg.program C:\PROGRA~2\GnuPG\bin\gpg.exe

A word of caution: 1.) short file name creation may be disabled (fsutil 8dot3name set 1) 2.) technically C:\PROGRA~2 could be another directory than C:\Program Files (x86). That said, if it works this should be fine anyway. But these are caveats to be aware of.

@KayvanShah1
Copy link

I figured out my issue. I was using Git Bash instead of cmd.exe or PowerShell. This was using a different gpg which was putting the GPG keys in a location that /c/Program Files (x86)/GnuPG/bin/gpg.exe didn't know about. All I had to do was change
$ git config --global gpg.program "/c/Program Files (x86)/GnuPG/bin/gpg.exe"
to
$ git config --global gpg.program "/c/Program Files/Git/usr/bin/gpg.exe"
and everything worked. I've uninstalled GPG4Win as it seems that it wasn't actually needed.
My version of git is now 2.19.0.windows.1, and gpg is 2.2.9-unknown

Yep, this was also my problem. If you manually install GPG command line tools, you end up having two gpg.exe inside git-bash.exe. This can be verified by typing where gpg inside Git Bash. Cheers, mate!

THISS x 1000000 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

THANK YOU!!!! - Windows 10 , Followed GitHub Instuctions, Got Wrecked before this helpfull post. Thanks!!

But you have to enter the passphrase again and again?

@BoGnY
Copy link
Author

BoGnY commented Jul 11, 2024

@KayvanShah1 commented on Jun 25, 2024, 8:15 PM GMT+2:

But you have to enter the passphrase again and again?

must be entered the first time you make a commit after every start/reboot..
the first sign starts the gpg-agent which keep passphrase in memory until shutdown/reboot

however, I don't use anymore gpg4win, I use the gpg bundled with git for windows (C:\Program Files\Git\usr\bin\gpg.exe)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment