@paolocarrasco
Last active November 7, 2025 17:25
How to understand the `gpg failed to sign the data` problem in git

Problem

You have installed GPG, then tried to perform a git commit and suddenly you see this error message after it 😰

error: gpg failed to sign the data
fatal: failed to write commit object

Understand the error (important to solve it later!)

To understand what's going on, first check what git is doing, so add GIT_TRACE=1 at the beginning of the command you used before (git commit or git rebase or git merge or anything like that):

GIT_TRACE=1 git commit

With that you can see what GPG is doing.

You will see something like this:

10:37:22.346480 run-command.c:637       trace: run_command: gpg --status-fd=2 -bsau <your GPG key>

(The first thing to check is whether that GPG key is the correct one.)

Execute that gpg command again in the command line:

gpg --status-fd=2 -bsau <your GPG key>

👆🏻 Executing this will give you a useful output that will allow you to see what happened in detail 🙌🏼

Check now the possible solutions based on your findings 👀

Some solutions

There can be many causes; here are the ones I found, plus some solutions posted in the thread:

  1. It could be that the GPG key was expired: https://stackoverflow.com/a/47561300/532912

  2. Another thing could be that the secret key was not set properly (in my case the message said gpg: signing failed: No secret key). It means that GPG is not finding the key that was set. You would need to set up the GPG key in Git (again):

    • List the secret keys available in GPG.
    gpg --list-secret-keys --keyid-format=long
    • Copy your key
    • Set your key for your user in git
    git config --global user.signingkey <your key>
  3. Another popular solution that could help was shared here by @NirajanMahara: https://gist.github.com/paolocarrasco/18ca8fe6e63490ae1be23e84a7039374?permalink_comment_id=3767413#gistcomment-3767413

  4. A specific and popular solution for macOS users, posted by @lehaiquantb, suggests installing pinentry (I'm not a fan of installing stuff, but if you are OK with it):

brew install pinentry-mac
echo "pinentry-program $(which pinentry-mac)" >> ~/.gnupg/gpg-agent.conf
killall gpg-agent
  5. You can see in the thread of this gist other ways to find the solution to other problems. I recommend reading the GitHub guide for signing commits with GPG.

Hope it helps!
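The diagnosis step above can be scripted. The following is an added example, not code from the gist or from GnuPG: it classifies captured `gpg --status-fd=2 -bsau <key>` output by the messages quoted on this page and prints the matching fix. The function names and labels are hypothetical, the sample input is constructed from status lines quoted in the thread, and it is an assumption that your gpg version emits the `KEYEXPIRED` status keyword when the signing key has expired.

```shell
#!/bin/sh
# Added example, not part of the gist. Function names and labels are made up here.

# Map captured gpg output (stderr plus --status-fd=2 lines) to one cause label.
classify_gpg_output() {
    case $1 in
        *"[GNUPG:] SIG_CREATED"*)           echo "ok" ;;
        *"No secret key"*)                  echo "no-secret-key" ;;
        *"Inappropriate ioctl for device"*) echo "no-tty" ;;
        # Assumption: gpg reports an expired signing key with this status keyword.
        *"[GNUPG:] KEYEXPIRED"*)            echo "key-expired" ;;
        # Signing started, but neither a signature nor an error followed.
        *"[GNUPG:] BEGIN_SIGNING"*)         echo "no-passphrase-prompt" ;;
        *)                                  echo "unknown" ;;
    esac
}

# Print the fix this page gives for a label.
suggest_fix() {
    case $1 in
        ok)            echo 'gpg signs here; check that git config gpg.program is this gpg' ;;
        no-secret-key) echo 'git config --global user.signingkey <your key>' ;;
        no-tty)        echo 'export GPG_TTY=$(tty)' ;;
        key-expired)   echo 'signing key expired; see the linked Stack Overflow answer' ;;
        no-passphrase-prompt)
                       echo 'set GPG_TTY; on macOS configure pinentry-mac and restart gpg-agent' ;;
        *)             echo 'read the raw gpg output' ;;
    esac
}

# Live use: sign a test string with the key from the GIT_TRACE line.
# The signature on stdout is discarded; only the diagnostics are captured.
diagnose_signing() {
    out=$(echo "test" | gpg --status-fd=2 -bsau "$1" 2>&1 >/dev/null) || true
    label=$(classify_gpg_output "$out")
    echo "$label: $(suggest_fix "$label")"
}

# Constructed sample: the two status lines quoted in the thread, with nothing after them.
sample='[GNUPG:] KEY_CONSIDERED ECC43CBF86A5676302D329A157F4FA608D45BAB9 2
[GNUPG:] BEGIN_SIGNING H10'
echo "sample -> $(classify_gpg_output "$sample")"
```

To check a real setup, call `diagnose_signing <your GPG key>` with the key shown in the `GIT_TRACE=1` output.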

@Daxtor134

On MacOS, I have to install pinentry-mac to enter passphrase

brew install pinentry-mac
echo "pinentry-program $(which pinentry-mac)" >> ~/.gnupg/gpg-agent.conf
killall gpg-agent

This is the true solution 👍

Thank you. I have been looking for a good solution, installed pinentry-mac from Brew but then got lost on why it wouldn't work lol.

@standiki

standiki commented Feb 2, 2025

If this was your error:

error: gpg failed to sign the data
fatal: failed to write commit object

Enabling a PIN or passphrase should solve your problem. Use the link below and scroll down to option number: 8, for the instructions on how to enable a PIN or passphrase. Thank you

https://docs.github.com/en/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key

@2oji

2oji commented Feb 10, 2025

I have followed the steps below to make it work.

displaying-verification-statuses

gpg --version
gpg (GnuPG) 2.2.4
libgcrypt 1.8.1

Generating a new GPG key

gpg --full-generate-key

  1. Enter kind of key
  2. Enter key size
  3. Enter validity time as 1w
  4. Enter Any name
  5. Enter email id of git config --local user.email
  6. Enter passphrase.

Show keys

gpg --list-secret-keys --keyid-format=long

gpg --armor --export 57F4FA608D45BAB9

Add this to your GitHub account.

git config --global --unset gpg.format

git config --global user.signingkey 57F4FA608D45BAB9

Below command shows error

GIT_TRACE=1 git commit -S -m "New"
20:12:12.634411 git.c:344               trace: built-in: git commit -S -m New
20:12:12.635410 run-command.c:646       trace: run_command: gpg --status-fd=2 -bsau 57F4FA608D45BAB9
error: gpg failed to sign the data
fatal: failed to write commit object

It got stuck here

gpg --status-fd=2 -bsau 57F4FA608D45BAB9
[GNUPG:] KEY_CONSIDERED ECC43CBF86A5676302D329A157F4FA608D45BAB9 2
[GNUPG:] BEGIN_SIGNING H10

Error

echo "test" | gpg --clearsign
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

test
gpg: signing failed: Inappropriate ioctl for device
gpg: [stdin]: clear-sign failed: Inappropriate ioctl for device

export GPG_TTY=$(tty)

It makes it work.

PASS
echo "test" | gpg --clearsign

gpg --list-secret-keys --keyid-format=long
gpg --full-generate-key
gpg --list-secret-keys --keyid-format=long
gpg --armor --export 4345F02F0FDBDC48
git config --global user.signingkey 4345F02F0FDBDC48!
echo "test" | gpg --clearsign
GIT_TRACE=1 git commit -S -m "new GPG key"

@luisdcort

On MacOS, I have to install pinentry-mac to enter passphrase

brew install pinentry-mac
echo "pinentry-program $(which pinentry-mac)" >> ~/.gnupg/gpg-agent.conf
killall gpg-agent

This is the true solution 👍

Still working in March 2025! This is the way ❤️

@My-Name-Is-Jeff

If you are on Windows and have used GPG4Win to manage your keys then you need to set the GPG program path.

If you look at where your gpg instance comes from, mine looked like this:

Get-Command gpg | select Source

My gpg path was C:\Program Files (x86)\Gpg4win\..\GnuPG\bin\gpg.exe. That's quite a weird path.

But technically it is the same as "C:\Program Files (x86)\GnuPG\bin\gpg.exe"

So now set GIT to use this path:

git config --global gpg.program "C:\Program Files (x86)\GnuPG\bin\gpg.exe"

Essentially it seemed that the gpg program that was being used was different to the one being run when I used gpg on the command line.

Thanks

@EngineersBox

Just a heads up for MacOS users, if you configure XDG_CONFIG_HOME in your ~/.zshrc, ~/.bashrc, etc. this can cause issues with GPG signing. Remove it and start a new shell session.

@aluri-satya

brew install gpg2
export GPG_TTY=$(tty)
gpgconf --launch gpg-agent
gpgconf --launch dirmngr
brew reinstall gnupg
chmod 700 ~/.gnupg
chmod 600 ~/.gnupg/*
gpgconf --kill gpg-agent
gpgconf --kill dirmngr
gpgconf --launch gpg-agent
gpgconf --launch dirmngr
echo "pinentry-program $(which pinentry-mac)" >> ~/.gnupg/gpg-agent.conf
gpgconf --kill gpg-agent
git config --global gpg.program /usr/local/bin/gpg
git config --global commit.gpgsign true
echo "test" | gpg --clearsign

these steps helped me

@webdev23

webdev23 commented Jul 6, 2025

Everywhere GPG is used this mess arises.
As a result your code IS GARBAGE.
AGAIN
.

@ajithMagic

Thanks ❤️
