Skip to content

Instantly share code, notes, and snippets.

@paolocarrasco
Last active November 5, 2024 20:08
Show Gist options
  • Save paolocarrasco/18ca8fe6e63490ae1be23e84a7039374 to your computer and use it in GitHub Desktop.
Save paolocarrasco/18ca8fe6e63490ae1be23e84a7039374 to your computer and use it in GitHub Desktop.
How to understand the `gpg failed to sign the data` problem in git

Problem

You have installed GPG, then tried to commit and suddenly you see this error message after it:

error: gpg failed to sign the data
fatal: failed to write commit object

Debug

For understanding what's going on, first check what git is doing, so add GIT_TRACE=1 at the beginning of the command you used before (git commit or git rebase):

GIT_TRACE=1 git commit

With that you can see what GPG is doing: Probably you will see something like this

10:37:22.346480 run-command.c:637       trace: run_command: gpg --status-fd=2 -bsau <your GPG key>

(Check if your GPG key is correct)

Execute that gpg command again in the command line:

gpg --status-fd=2 -bsau <your GPG key>

👆🏻 With this now you could see what happened in detail!

Solutions

We can have many problems, but I list what I found:

  1. It could be that the GPG key was expired: https://stackoverflow.com/a/47561300/532912

  2. Another thing could be that the secret key was not set properly (In my case the message said gpg: signing failed: No secret key as it can be see in the image below). image It means that is not finding the key that was set. You would need to set up the GPG key in Git (again):

    • List the secret keys available in GPG.
    gpg --list-secret-keys --keyid-format=long
    • Copy your key
    • Set your key for your user in git
    git config --global user.signingkey <your key>
  3. Another popular solution that could help was shared here by @NirajanMahara: https://gist.github.com/paolocarrasco/18ca8fe6e63490ae1be23e84a7039374?permalink_comment_id=3767413#gistcomment-3767413

  4. You can see in the thread of this gist other ways to find the solution to other problems. I recommend to read the Github guide for signing commits with GPG.

Hope it helps!

@Vyom-Yadav
Copy link

Thanks, the steps worked for me

@rserranon
Copy link

Fix propsed by @NirajanMahara worked for me, but It seems for every branch I have, I need to execute the export GPG_TTY=$(tty) command before committing.

@ShawnCockburn
Copy link

ShawnCockburn commented Jan 29, 2022

@Kamikozz
Copy link

OMG, great work @NirajanMahara , thx! It helped me to move from Win to Mac

@ThomasLilley
Copy link

Thank you SO much @NirajanMahara !!

@BitesizedLion
Copy link

I found this post very usefull! However my problem was that there was a comment in the GPG key, so the key was not found corretly with only the user.name and user.email config of git.

@gatoniel Thank you! You are an absolute life saver, your solution worked perfectly for me.

@hamees-sayed
Copy link

@devturp add export GPG_TTY=$(tty) to your .bashrc and then you have to run the export command only for your first git commit after starting up your computer.
Reminder: Everytime you boot your computer you have to use the export command just once.

@dfdemar
Copy link

dfdemar commented Mar 23, 2022

This comment fixed it for me.

@freddiegar
Copy link

Thanks, debug info: [GNUPG:] KEYEXPIRED, trace flag is awesome!

@tmoreira2020
Copy link

After upgrading my OSX to Monterey it stoped to work without reason. The GIT_TRACE didn't help to much because everything was correctly set. In the end I reinstalled the GPG Sutie via brew with the command brew reinstall --cask gpg-suite and it fixed the issue.

@justinbalaguer
Copy link

omg I just need to run export GPG_TTY=$(tty)

  1. then use export GPG_TTY=$(tty)

@atatural
Copy link

lifesaver

dude that was a little bit overrated declaretion, its just my opinion

@pulasthi-Narada
Copy link

This option is for setting the path in .gitconfig to gpg.exe in the windows os environment.

[gpg]
program = C:\\Program Files (x86)\\GnuPG\\bin\\gpg.exe

@chevyphillip
Copy link

@justinbalaguer solution worked for me here.

@Kush1406
Copy link

@exostin solution worked for me. Thanks

@mnovozhylov
Copy link

There's another situation:

sec   dsa3072/AAAAAAAAAAAAA 2010-05-05 [SC] [expires: 2030-05-05]
      BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB
uid                 [ultimate] Author Name <[email protected]>

While GitHub documentation operates with AAAAAAAAAAAAA in sections when you need to create and register the key in GPG, git requires BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB, i.e. git config --global user.signingkey BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB, instead of git config --global user.signingkey AAAAAAAAAAAAA

Hopefully, it helps someone.

@ayubov
Copy link

ayubov commented May 26, 2022

I got a case when signing suddenly stopped working. After a long fight nothing has helped except gpgconf --kill gpg-agent

@OliverRC
Copy link

OliverRC commented Jun 7, 2022

If you are on Windows and have used GPG4Win to manage your keys then you need to set the GPG program path.

If you look at where your gpg instance comes from mine looked like

Get-Command gpg | select Source

My gpg path was C:\Program Files (x86)\Gpg4win\..\GnuPG\bin\gpg.exe. That's quite a weird path .

But technically it is the same as "C:\Program Files (x86)\GnuPG\bin\gpg.exe"

So now set GIT to use this path:

git config --global gpg.program "C:\Program Files (x86)\GnuPG\bin\gpg.exe"

Essentially it seemed that the gpg program that was being used was different to the one being run when I used gpg on the command line.

@nguyenvulong
Copy link

nguyenvulong commented Jun 11, 2022

if all of the above did not work for you

I got into a slightly different problem, everything up there ALREADY CHECKED, somehow my gpg signing stopped working - and i don't want to restart my server. After digging around i found this log

Some output of systemctl --user status gpg-agent

6월 12 00:50:55 AISRC gpg-agent[17450]: can't connect to the SCdaemon: IPC connect call failed
6월 12 00:50:55 AISRC gpg-agent[17450]: failed to unprotect the secret key: Operation cancelled
6월 12 00:50:55 AISRC gpg-agent[17450]: failed to read the secret key
6월 12 00:50:55 AISRC gpg-agent[17450]: command 'PKSIGN' failed: Operation cancelled <Pinentry>

Note that until this point, it's not about git anymore, it's about gpg and distro-specific issues.

FIXED (the root cause is pinentryscrewed things up)
Create gpg-agent.conf if you don't have one under your home dir and add the line below (pinentry-program /usr/bin/pinentry-curses)


❯ cat  ~/.gnupg/gpg-agent.conf
pinentry-program /usr/bin/pinentry-curses

Then you have to restart gpg-agent by issuing systemctl --user restart gpg-agent and you may want to log-in/out. Make sure to export GPG_TTY=$(tty) and test again. Good luck

Check my write-up here for the summary nguyenvulong/QA#25

@subhendudash02
Copy link

The command

git config --global user.signingkey <your key>

helped me. I forgot to configure the key after generating.
Thanks!

@MedRedha
Copy link

Oh Gosh! You just saved my day 🙏 Thanks a lot @paolocarrasco

@rohitss912
Copy link

@NirajanMahara - Thanks buddy your solution worked for me!

@gmale
Copy link

gmale commented Aug 1, 2022

It could also be due to the fact that you need to enter a password. Run ssh-add before committing.

This was effectively my issue. Somehow running the rebase with GIT_TRACE allowed it to pause and ask for a password (i.e. GIT_TRACE=1 git pull origin master --rebase) and then it all worked. This happened after my computer shut down, which probably explains why the gpg password was required again.

Now that I know GPG was causing this prompt, I followed some of these guides and setup GPG not to prompt for a password any longer.

https://gist.github.com/koshatul/2427643668d4e89c0086f297f9ed2130
https://stackoverflow.com/questions/39780452/prevent-gpg-password-prompt-on-mac
https://unixb0y.de/blog/articles/2019-01/gpg-password-macos-keychain

To test it, I ran the following to verify that it asked me for a prompt. Then, after taking the steps above it stopped asking:

echo test | gpg -e -r [email protected] | gpg -d

@victorjatoba
Copy link

Follow the below url to setup signed commit https://help.github.com/en/articles/telling-git-about-your-signing-key

if still getting gpg failed to sign the data fatal: failed to write commit object

this is not issue with git ,this is with GPG follow below steps

  1. gpg --version
  2. echo "test" | gpg --clearsign

if it is showing:

gpg: signing failed: Inappropriate ioctl for device
gpg: [stdin]: clear-sign failed: Inappropriate ioctl for device
  1. then use export GPG_TTY=$(tty)
  2. then try again echo "test" | gpg --clearsign in which PGP signature is.

Output:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

test
-----BEGIN PGP SIGNATURE-----

iLMEAQEKAB0WIQS2V0SFHi18psvDbo7uFF+LP7qc1gUCYLjB2QAKCRDuFF+LP7qc
1r5LBACB1m3Lpl21379qAvVamWcn9isdgdg34t34t43t34t34t434yGQHqikxWL7A5
Ls7giKZYscb30o0rkY6I1W9MjBBW96R2pnaYsioFpsf434dfg54rfdgfdgdfgdfpaIoU3k
JKrYxR7yMjqUv0a2jE+97kh+bSuzqwIkMHyikbABI90lY+4OLw==
=UHKx
-----END PGP SIGNATURE-----
  1. git config -l | grep gpg

Output:

commit.gpgsign=true
gpg.program=gpg
tag.gpgsign=true
  1. apply git commit -S -m "initial commit rocketrocketrocketrocket"
  2. or git config --global commit.gpgsign true

https://stackoverflow.com/questions/39494631/gpg-failed-to-sign-the-data-fatal-failed-to-write-commit-object-git-2-10-0/55993078#55993078

It worked for me. Thanks!

@MaxFoton
Copy link

5. git config -l | grep gpg

it also worked for me! thank you!

@dan-developer
Copy link

It seems for every branch I have, I need to execute the export GPG_TTY=$(tty) command before committing.

Is there anyway around this?

It worked for me. Thank you!

@Phrozyn
Copy link

Phrozyn commented Oct 14, 2022

For me the issue is always simply the fact that my vscode terminal window is too small, git needs like half a screen's height and about the width of this comment section for it to surface the GPG prompt, otherwise it errors out and tells you that:

error: gpg failed to sign the data
fatal: failed to write commit object

so I enlarge the window and voila all fixed when I run git commit again.

@Jeff-Tian
Copy link

There's another situation:

sec   dsa3072/AAAAAAAAAAAAA 2010-05-05 [SC] [expires: 2030-05-05]
      BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB
uid                 [ultimate] Author Name <[email protected]>

While GitHub documentation operates with AAAAAAAAAAAAA in sections when you need to create and register the key in GPG, git requires BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB, i.e. git config --global user.signingkey BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB, instead of git config --global user.signingkey AAAAAAAAAAAAA

Hopefully, it helps someone.

It helped me, thanks!

@0xmovses
Copy link

worked for me thank you for this!

@pullsuzdesheloper
Copy link

Great! Thanks for your help!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment