How to understand the `gpg failed to sign the data` problem in git

README.md

Problem

You have installed GPG, then tried to commit and suddenly you see this error message after it:

error: gpg failed to sign the data
fatal: failed to write commit object

Debug

For understanding what's going on, first check what git is doing, so add GIT_TRACE=1 at the beginning of the command you used before (git commit or git rebase):

GIT_TRACE=1 git commit

With that you can see what GPG is doing: Probably you will see something like this

10:37:22.346480 run-command.c:637       trace: run_command: gpg --status-fd=2 -bsau <your GPG key>

(Check if your GPG key is correct)

Execute that gpg command again in the command line:

gpg --status-fd=2 -bsau <your GPG key>

👆🏻 With this now you could see what happened in detail!

Solutions

We can have many problems, but I list what I found:

1. It could be that the GPG key was expired: https://stackoverflow.com/a/47561300/532912

2. Another thing could be that the secret key was not set properly (In my case the message said gpg: signing failed: No secret key as it can be see in the image below). It means that is not finding the key that was set. You would need to set up the GPG key in Git (again):

   • List the secret keys available in GPG.

   gpg --list-secret-keys --keyid-format=long

   • Copy your key
   • Set your key for your user in git

   git config --global user.signingkey <your key>

3. Another popular solution that could help was shared here by @NirajanMahara: https://gist.github.com/paolocarrasco/18ca8fe6e63490ae1be23e84a7039374?permalink_comment_id=3767413#gistcomment-3767413

4. You can see in the thread of this gist other ways to find the solution to other problems. I recommend to read the Github guide for signing commits with GPG.

Hope it helps!

I found this post very usefull! However my problem was that there was a comment in the GPG key, so the key was not found corretly with only the user.name and user.email config of git.

If your GPG key has a comment like:

test@pcname:~$ gpg --list-secret-keys
/home/test/.gnupg/pubring.kbx
-------------------------------
sec   rsa4096 2020-04-26 [SC]
      YOURKEY
uid           [ultimate] Test User (comment) <[email protected]>
ssb   rsa4096 2020-04-26 [E]

but your git config is only:

test@pcname:~$ git config --get-all user.name
Test User
test@pcname:~$ git config --get-all user.email
[email protected]

then the call to GIT_TRACE=1 git commit -m "test commit" will result in

10:12:55.318107 git.c:439               trace: built-in: git commit -m 'test commit'
10:12:55.318852 run-command.c:663       trace: run_command: gpg --status-fd=2 -bsau 'Test User <[email protected]>'
error: gpg failed to sign the data

where the comment is missing and gpg won't find the correct key. So you have to set it with

git config --global user.signingkey YOURKEY

Thank you for this

After 4 hours of frustrating attempts to fix this error, no answer I could find anywhere would work.
But I finally got it to work by using Kleopatra (installed along gpg4win).

1. Make a new pair of keys in Kleopatra (ctrl + n)
2. Select OpenPGP
3. Enter your name and email
4. Protect keys with a password
5. And in the advanced settings you need to select RSA 4096bit

Keys generated in the git bash wouldn't work for me, but ones made with the way I described above do work and I can sign my commits in git bash, github desktop, visual studio, visual studio code without any issue.

After hours of looking for a solution, only @exostin's approach worked for me, thank you!

for users using webstorm , commit from terminal only
webstrom's terminal giving error:
error: gpg failed to sign the data
fatal: failed to write commit object

to fix this issue use OS terminal

Tbh I can't remember how I set that up, but I have used some command to automatically launch gpg signing client in background when opening git bash - that way I need to open git bash once, then I can close it and use other programs to manage my commits without any issue

Hi there, i try myself to use my signikey on a new project.
Of course, i get this on InteeliJ terminal:
error: gpg failed to sign the data fatal: failed to write commit object
I try a lot of solution, like to commit on a terminal out of the IDE. Same results.
Dawn, i dont understand why at now, it dont work without this angry states.

It could also be due to the fact that you need to enter a password. Run ssh-add before committing.

It seems for every branch I have, I need to execute the export GPG_TTY=$(tty) command before committing.

Is there anyway around this?

@NirajanMahara

Your steps worked. Thank you very much!

Your solution worked for me. Thank you

Thanks, the steps worked for me

Fix propsed by @NirajanMahara worked for me, but It seems for every branch I have, I need to execute the export GPG_TTY=$(tty) command before committing.

NirajanMahara commented on 3 Jun 2021 worked for me :)

thanks @NirajanMahara

OMG, great work @NirajanMahara , thx! It helped me to move from Win to Mac

Thank you SO much @NirajanMahara !!

I found this post very usefull! However my problem was that there was a comment in the GPG key, so the key was not found corretly with only the user.name and user.email config of git.

@gatoniel Thank you! You are an absolute life saver, your solution worked perfectly for me.

@devturp add export GPG_TTY=$(tty) to your .bashrc and then you have to run the export command only for your first git commit after starting up your computer.
Reminder: Everytime you boot your computer you have to use the export command just once.

This comment fixed it for me.

Thanks, debug info: [GNUPG:] KEYEXPIRED, trace flag is awesome!

After upgrading my OSX to Monterey it stoped to work without reason. The GIT_TRACE didn't help to much because everything was correctly set. In the end I reinstalled the GPG Sutie via brew with the command brew reinstall --cask gpg-suite and it fixed the issue.

omg I just need to run export GPG_TTY=$(tty)

3. then use export GPG_TTY=$(tty)

lifesaver

dude that was a little bit overrated declaretion, its just my opinion

This option is for setting the path in .gitconfig to gpg.exe in the windows os environment.

[gpg]
program = C:\\Program Files (x86)\\GnuPG\\bin\\gpg.exe

@justinbalaguer solution worked for me here.

@exostin solution worked for me. Thanks

There's another situation:

sec   dsa3072/AAAAAAAAAAAAA 2010-05-05 [SC] [expires: 2030-05-05]
      BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB
uid                 [ultimate] Author Name <[email protected]>

While GitHub documentation operates with AAAAAAAAAAAAA in sections when you need to create and register the key in GPG, git requires BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB, i.e. git config --global user.signingkey BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB, instead of git config --global user.signingkey AAAAAAAAAAAAA

Hopefully, it helps someone.

I got a case when signing suddenly stopped working. After a long fight nothing has helped except gpgconf --kill gpg-agent

If you are on Windows and have used GPG4Win to manage your keys then you need to set the GPG program path.

If you look at where your gpg instance comes from mine looked like

Get-Command gpg | select Source

My gpg path was C:\Program Files (x86)\Gpg4win\..\GnuPG\bin\gpg.exe. That's quite a weird path .

But technically it is the same as "C:\Program Files (x86)\GnuPG\bin\gpg.exe"

So now set GIT to use this path:

git config --global gpg.program "C:\Program Files (x86)\GnuPG\bin\gpg.exe"

Essentially it seemed that the gpg program that was being used was different to the one being run when I used gpg on the command line.

if all of the above did not work for you

I got into a slightly different problem, everything up there ALREADY CHECKED, somehow my gpg signing stopped working - and i don't want to restart my server. After digging around i found this log

Some output of systemctl --user status gpg-agent

6월 12 00:50:55 AISRC gpg-agent[17450]: can't connect to the SCdaemon: IPC connect call failed
6월 12 00:50:55 AISRC gpg-agent[17450]: failed to unprotect the secret key: Operation cancelled
6월 12 00:50:55 AISRC gpg-agent[17450]: failed to read the secret key
6월 12 00:50:55 AISRC gpg-agent[17450]: command 'PKSIGN' failed: Operation cancelled <Pinentry>

Note that until this point, it's not about git anymore, it's about gpg and distro-specific issues.

FIXED (the root cause is pinentryscrewed things up)
Create gpg-agent.conf if you don't have one under your home dir and add the line below (pinentry-program /usr/bin/pinentry-curses)

❯ cat  ~/.gnupg/gpg-agent.conf
pinentry-program /usr/bin/pinentry-curses

Then you have to restart gpg-agent by issuing systemctl --user restart gpg-agent and you may want to log-in/out. Make sure to export GPG_TTY=$(tty) and test again. Good luck

Check my write-up here for the summary nguyenvulong/QA#25