@paolocarrasco
Last active November 5, 2024 20:08
How to understand the `gpg failed to sign the data` problem in git

Problem

You have installed GPG, then tried to commit, and suddenly you see this error message:

error: gpg failed to sign the data
fatal: failed to write commit object

Debug

To understand what is going on, first check what git is doing: add `GIT_TRACE=1` at the beginning of the command you ran (`git commit` or `git rebase`):

GIT_TRACE=1 git commit

With that you can see the gpg command that git runs. You will probably see something like this:

10:37:22.346480 run-command.c:637       trace: run_command: gpg --status-fd=2 -bsau <your GPG key>

(Check that the key shown there is your correct GPG key.)

Execute that gpg command again in the command line:

gpg --status-fd=2 -bsau <your GPG key>

👆🏻 Now you can see in detail what happened!

Solutions

There can be many causes; here are the ones I found:

  1. It could be that the GPG key was expired: https://stackoverflow.com/a/47561300/532912

  2. Another thing could be that the secret key was not set properly (in my case the message said `gpg: signing failed: No secret key`). It means that gpg is not finding the key that was set. You would need to set up the GPG key in Git (again):

    • List the secret keys available in GPG.
    gpg --list-secret-keys --keyid-format=long
    • Copy your key
    • Set your key for your user in git
    git config --global user.signingkey <your key>
  3. Another popular solution that could help was shared here by @NirajanMahara: https://gist.github.com/paolocarrasco/18ca8fe6e63490ae1be23e84a7039374?permalink_comment_id=3767413#gistcomment-3767413

  4. The thread of this gist shows other ways to solve other problems. I recommend reading the GitHub guide for signing commits with GPG.

Hope it helps!
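
The debug steps above, as an added example (not part of the original gist): this script classifies the text printed by `gpg --status-fd=2 -bsau <your GPG key>` and names the matching fix. The function names and sample outputs are constructed, and the `Inappropriate ioctl for device` match (the message gpg prints when pinentry has no terminal) does not appear in the gist body.

```shell
#!/usr/bin/env bash
# Added example: classify what `gpg --status-fd=2 -bsau <key>` printed.

# Read gpg's stderr/status text on stdin, print one diagnosis keyword.
diagnose_gpg_output() {
    local out
    out=$(cat)
    case "$out" in
        *"[GNUPG:] SIG_CREATED"*)           echo ok ;;            # a signature was made
        *"[GNUPG:] KEYEXPIRED"*)            echo key-expired ;;   # solution 1
        *"No secret key"*)                  echo no-secret-key ;; # solution 2
        *"Inappropriate ioctl for device"*) echo no-tty ;;        # assumption: not quoted in the gist
        *)                                  echo unknown ;;
    esac
}

# Map a diagnosis keyword to the fix described on this page.
suggest_fix() {
    case "$1" in
        ok)            echo "signing works from this shell; compare gpg.program and the environment git runs in" ;;
        key-expired)   echo "extend or replace the expired key (solution 1)" ;;
        no-secret-key) echo "gpg --list-secret-keys --keyid-format=long; git config --global user.signingkey <your key>" ;;
        no-tty)        echo 'export GPG_TTY=$(tty)' ;;
        *)             echo "re-run with GIT_TRACE=1 and read the full gpg output" ;;
    esac
}

# Run the same command git runs, with git's configured key and gpg program.
probe_signing() {
    local key gpg_bin
    key=$(git config --get user.signingkey) || { echo no-signingkey-configured; return 1; }
    gpg_bin=$(git config --get gpg.program || echo gpg)
    # stderr (status lines and errors) feeds the classifier; the signature is discarded
    echo probe | "$gpg_bin" --status-fd=2 -bsau "$key" 2>&1 >/dev/null | diagnose_gpg_output
}

# Constructed sample outputs (not captured from a real session).
SAMPLE_EXPIRED='[GNUPG:] KEYEXPIRED 1650000000
gpg: signing failed: Unusable secret key'
SAMPLE_NOKEY='gpg: skipped "Test User <test@example.com>": No secret key
gpg: signing failed: No secret key'
SAMPLE_NOTTY='gpg: signing failed: Inappropriate ioctl for device'

if [ "${1:-}" = "--probe" ]; then
    suggest_fix "$(probe_signing)"
fi
```

Run it with `--probe` to execute the real gpg command with the key and program git is configured to use.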

@thinkjrs

I'm posting in case this helps fellow travelers.

I learned today that your terminal window can be too small for GPG, which outputs similar errors to the above. When I'm in an ssh session I like to avoid the non-terminal display popup, obviously, so I use some environment variables for configuration.

In particular, I set GPG_TTY and, if in an ssh session, PINENTRY_USER_DATA to the following:

# in my $HOME/.bashrc
export GPG_TTY=$(tty)
if [[ -n "$SSH_CONNECTION" ]]; then
    export PINENTRY_USER_DATA="USE_CURSES=1"
fi

See https://stackoverflow.com/q/41052538 for additional details.

Note: you'll probably need to set GIT_SSH_COMMAND as well to point to your key for source control, depending on your setup.

@gatoniel

I found this post very useful! However my problem was that there was a comment in the GPG key, so the key was not found correctly with only the user.name and user.email config of git.

If your GPG key has a comment like:

test@pcname:~$ gpg --list-secret-keys
/home/test/.gnupg/pubring.kbx
-------------------------------
sec   rsa4096 2020-04-26 [SC]
      YOURKEY
uid           [ultimate] Test User (comment) <[email protected]>
ssb   rsa4096 2020-04-26 [E]

but your git config is only:

test@pcname:~$ git config --get-all user.name
Test User
test@pcname:~$ git config --get-all user.email
[email protected]

then the call to GIT_TRACE=1 git commit -m "test commit" will result in

10:12:55.318107 git.c:439               trace: built-in: git commit -m 'test commit'
10:12:55.318852 run-command.c:663       trace: run_command: gpg --status-fd=2 -bsau 'Test User <[email protected]>'
error: gpg failed to sign the data

where the comment is missing and gpg won't find the correct key. So you have to set it with

git config --global user.signingkey YOURKEY

@alfeyo

alfeyo commented Sep 29, 2021

Thank you for this

@exostin

exostin commented Oct 6, 2021

After 4 hours of frustrating attempts to fix this error, no answer I could find anywhere would work.
But I finally got it to work by using Kleopatra (installed along gpg4win).

  1. Make a new pair of keys in Kleopatra (ctrl + n)
  2. Select OpenPGP
  3. Enter your name and email
  4. Protect keys with a password
  5. And in the advanced settings you need to select RSA 4096bit

Keys generated in the git bash wouldn't work for me, but ones made with the way I described above do work and I can sign my commits in git bash, github desktop, visual studio, visual studio code without any issue.

@andrescuco

After hours of looking for a solution, only @exostin's approach worked for me, thank you!

@goldfish07

goldfish07 commented Nov 28, 2021

For users using WebStorm, commit from terminal only.
WebStorm's terminal gives the error:
error: gpg failed to sign the data
fatal: failed to write commit object

to fix this issue use OS terminal

@exostin

exostin commented Nov 28, 2021

Tbh I can't remember how I set that up, but I have used some command to automatically launch gpg signing client in background when opening git bash - that way I need to open git bash once, then I can close it and use other programs to manage my commits without any issue

@Mabachess

Hi there, I try myself to use my signing key on a new project.
Of course, I get this on the IntelliJ terminal:
error: gpg failed to sign the data
fatal: failed to write commit object
I try a lot of solutions, like to commit on a terminal out of the IDE. Same results.
Damn, I don't understand why at now, it doesn't work without this angry states.

@maratumba

It could also be due to the fact that you need to enter a password. Run ssh-add before committing.

@devturp

devturp commented Dec 16, 2021

It seems for every branch I have, I need to execute the export GPG_TTY=$(tty) command before committing.

Is there any way around this?

@1solomonwakhungu

@NirajanMahara

Your steps worked. Thank you very much!

@kayvank

kayvank commented Jan 6, 2022

Your solution worked for me. Thank you

@Vyom-Yadav

Thanks, the steps worked for me

@rserranon

Fix proposed by @NirajanMahara worked for me, but it seems for every branch I have, I need to execute the export GPG_TTY=$(tty) command before committing.

@ShawnCockburn

ShawnCockburn commented Jan 29, 2022

@Kamikozz

OMG, great work @NirajanMahara , thx! It helped me to move from Win to Mac

@ThomasLilley

Thank you SO much @NirajanMahara !!

@BitesizedLion

I found this post very useful! However my problem was that there was a comment in the GPG key, so the key was not found correctly with only the user.name and user.email config of git.

@gatoniel Thank you! You are an absolute life saver, your solution worked perfectly for me.

@hamees-sayed

@devturp add export GPG_TTY=$(tty) to your .bashrc and then you have to run the export command only for your first git commit after starting up your computer.
Reminder: Every time you boot your computer you have to use the export command just once.

@dfdemar

dfdemar commented Mar 23, 2022

This comment fixed it for me.

@freddiegar

Thanks, debug info: [GNUPG:] KEYEXPIRED, trace flag is awesome!

@tmoreira2020

After upgrading my OSX to Monterey it stopped working without reason. The GIT_TRACE didn't help too much because everything was correctly set. In the end I reinstalled the GPG Suite via brew with the command brew reinstall --cask gpg-suite and it fixed the issue.

@justinbalaguer

omg I just need to run export GPG_TTY=$(tty)

  1. then use export GPG_TTY=$(tty)

@atatural

lifesaver

Dude, that was a little bit overrated declaration, it's just my opinion.

@pulasthi-Narada

This option is for setting the path in .gitconfig to gpg.exe in the windows os environment.

[gpg]
program = C:\\Program Files (x86)\\GnuPG\\bin\\gpg.exe

@chevyphillip

@justinbalaguer's solution worked for me here.

@Kush1406

@exostin's solution worked for me. Thanks

@mnovozhylov

There's another situation:

sec   dsa3072/AAAAAAAAAAAAA 2010-05-05 [SC] [expires: 2030-05-05]
      BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB
uid                 [ultimate] Author Name <[email protected]>

While GitHub documentation operates with AAAAAAAAAAAAA in sections when you need to create and register the key in GPG, git requires BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB, i.e. git config --global user.signingkey BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB, instead of git config --global user.signingkey AAAAAAAAAAAAA

Hopefully, it helps someone.
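
The user-ID comment case and the key ID versus fingerprint case reported in the comments above both come down to which identifier reaches `gpg -u`. As an added example (not code from the gist or its commenters), this script reads `gpg --list-secret-keys --with-colons` output, shows why a plain `Name <email>` lookup misses a user ID that carries a comment, and prints the full fingerprint of a usable signing key to put in `user.signingkey`. The function names and the sample keyring text are constructed placeholders.

```shell
#!/usr/bin/env bash
# Constructed `gpg --list-secret-keys --with-colons` output; all key material is placeholder.
SAMPLE_KEYS='sec:u:4096:1:1111222233334444:1587859200:::u:::scESC:::+:::23::0:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF1111222233334444:
uid:u::::1587859200::0000::Test User (comment) <test@example.com>::::::::::0:
ssb:u:4096:1:5555666677778888:1587859200::::::e:::+:::23:
fpr:::::::::9999888877776666555544445555666677778888:
sec:e:3072:17:9999000011112222:1273017600:1588000000::u:::sc:::+:::23::0:
fpr:::::::::0000111122223333444455559999000011112222:
uid:e::::1273017600::0000::Old Key <test@example.com>::::::::::0:'

# Print fingerprints of primary keys that can sign, are not expired, revoked,
# disabled or invalid, and carry a user ID containing <EMAIL>.
# Reads --with-colons output on stdin.
signing_fingerprints() {
    awk -F: -v email="<$1>" '
        function emit() { if (fpr != "" && usable && hit) print fpr }
        $1 == "sec" { emit(); fpr = ""; hit = 0; primary = 1
                      usable = ($2 !~ /^[erdi]$/ && $12 ~ /s/) }
        $1 == "ssb" { primary = 0 }          # later fpr records belong to subkeys
        $1 == "fpr" && primary { fpr = $10 }
        $1 == "uid" && index($10, email) { hit = 1 }
        END { emit() }'
}

# Count user IDs that contain NEEDLE, case-insensitively: the substring match
# gpg applies to a plain -u value such as the "Name <email>" that git passes.
uid_lookup_count() {
    awk -F: -v needle="$1" '
        $1 == "uid" && index(tolower($10), tolower(needle)) { n++ }
        END { print n + 0 }'
}

if [ "${1:-}" = "--live" ]; then   # run against the real keyring instead of the sample
    gpg --list-secret-keys --with-colons | signing_fingerprints "$(git config --get user.email)"
fi
```

With the sample keyring, `Test User <test@example.com>` matches no user ID, while the lookup by e-mail finds one usable fingerprint and skips the expired key.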

@ayubov

ayubov commented May 26, 2022

I got a case when signing suddenly stopped working. After a long fight nothing has helped except gpgconf --kill gpg-agent

@OliverRC

OliverRC commented Jun 7, 2022

If you are on Windows and have used GPG4Win to manage your keys then you need to set the GPG program path.

If you look at where your gpg instance comes from, mine looked like:

Get-Command gpg | select Source

My gpg path was C:\Program Files (x86)\Gpg4win\..\GnuPG\bin\gpg.exe. That's quite a weird path.

But technically it is the same as "C:\Program Files (x86)\GnuPG\bin\gpg.exe"

So now set GIT to use this path:

git config --global gpg.program "C:\Program Files (x86)\GnuPG\bin\gpg.exe"

Essentially it seemed that the gpg program that was being used was different to the one being run when I used gpg on the command line.
