35

I'm getting this error when trying to sign a commit:

git commit -S -m "test"
gpg: skipped "EF617ACA9EC3XXXX": No secret key
gpg: signing failed: No secret key
error: gpg failed to sign the data
fatal: failed to write commit object

This is the output of gpg --list-secret-keys --keyid-format LONG

The key is present there

sec   rsa4096/EF617ACA9EC3XXXX 2020-05-17 [SC] [expires: 2022-05-17]
      AD68154000A712DCD161D826EF617ACA9EC3XXXX
uid                 [ultimate] name <[email protected]>

And this is git config with the same key

user.signingkey=EF617ACA9EC3XXXX
[email protected]

Any idea what's wrong?

Improve this question

10 Answers 10

Reset to default
51

git config --global gpg.program "c:/Program Files (x86)/GnuPG/bin/gpg.exe"

I installed with Kleopatra and generated my key within that. I was unable to create a commit until I ran the command above.

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

I had set this before but it didn't work for me so I updated the gpg executable to C:\Program Files\Git\usr\bin\gpg.exe and it worked.
Nicely done, when I'm using Windows 11, I use the Everything app (it's free) to search for things like the most appropriate executable.
18

In case anyone is a dufus like me I was getting this error because I had the gitkey wrong while directly editing the file via: git config --global -e or code ~/.gitconfig or whatever flavor of editor you enjoy.

  • singingkey 🎶🔑 instead of
  • signingkey 🤦‍♂️
Improve this answer

3 Comments

My case was signinkey instead of signingkey. Thank you!
This helped me today, just had to manually updated my "Key-ID" via Kleopatra
Add me to your dufus list :)
15

Check first the git config gpg.program to see if this is gpg or gpg2 (as in here).

And type where gpg nd where gpg2 to check which path is considered for the GPG program.

I suggested to set gpg.program to gpg2, and copy your gpg.exe (assuming its version is a 2.x) to gpg2.exe

That should force Git/GPG to act as gpg2.

Improve this answer

12 Comments

gpg is in git config. Path to gpg.exe is correct too, and I don't have gpg2 at all (isn't it on linux only?)
@giveall The gpg currently shipped with Git for Windows is actually a gpg 2 -2.2.17)
@giveall What version of Git for Windows are you using?
@giveall Try and set gpg.program to gpg2, and copy your gpg.exe (assuming its version is a 2.x) to gpg2.exe, for testing. See also stackoverflow.com/a/46884134/6309
Anyway, renaming gpg.exe to gpg2.exe and changing it in the config helped, which is super weird.
|
8

Was facing the same issue in windows 10 git bash. Doing this solved my problem. You could find this path by running where gpg

$ git config --global gpg.program "C:\Program Files\Git\usr\bin\gpg.exe"

Improve this answer

Comments

4

Root-cause:

Most probably the program used to generate the GPG keys is not the same that git is using.

Answer (consolidated from other answers):

  1. Identify the program used to generate the GPG Keys (see next section for details).
  2. Set that program to be used for commit signing in git:
git config --global gpg.program <path-to-the-program>

GPG Key generators program locations:

  • git, git-bash: "C:\Program Files\Git\usr\bin\gpg.exe" (source)
  • Kleopatra (x86): "C:/Program Files (x86)/GnuPG/bin/gpg.exe" (source)
  • gpg2: "C:\Program Files\Git\usr\bin\gpg2.exe" (source)
  • git installed as local user: "C:\Users\<user>\AppData\Local\Programs\Git\usr\bin\gpg.exe" (source)

Note: Update this answer to reflect other possible path locations so we avoid having multiple valid answers.

Improve this answer

Comments

2

I hit this issue when trying to set up git commits signing on Windows.

In my case I had multiple gpg.exe installations, including the one at C:\Program Files\Git\usr\bin\gpg.exe. However, the default gpg command was executing a different gpg.exe, and generated the secret keys with it. Changing git's gpg.program option didn't work for me.

Ultimately, I just used git's gpg install to generate the secret key and that works like a charm:

cd "C:\Program Files\Git\usr\bin"
.\gpg --version
.\gpg --list-secret-keys --keyid-format=long
.\gpg --full-generate-key

etc
...
Improve this answer

Comments

1

Another potential issue/resolution:

Make sure the email you set in Github is verified and that it exactly matches the email you used when you generated your GPG key.

Improve this answer

1 Comment

This will lead to "Unverified" on Github, not to this error. This answer is completely unrelated to the question.
1

Had this same problem on Windows 11 when trying to get GitHub Desktop to work. The answer given here solved the issue for me:

git config --global gpg.program "C:\Program Files\Git\usr\bin\gpg.exe"
Improve this answer

Comments

1

I have resolved my issue by setting the path of the gpg.exe from git itself.

git config --global gpg.program "C:\Users\myname\AppData\Local\Programs\Git\usr\bin\gpg.exe"
Improve this answer

Comments

-3

My computer does not have gpg.exe installed

I removed the following two lines in my .gitconfig [commit] gpgsign = true

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.