How to understand the `gpg failed to sign the data` problem in git

README.md

Problem

You have installed GPG, then tried to perform a git commit and suddenly you see this error message after it 😰

error: gpg failed to sign the data
fatal: failed to write commit object

Understand the error (important to solve it later!)

To understand what's going on, first check what git is doing, so add GIT_TRACE=1 at the beginning of the command you used before (git commit or git rebase or git merge or anything like that):

GIT_TRACE=1 git commit

With that you can see what GPG is doing.

You will see something like this:

10:37:22.346480 run-command.c:637       trace: run_command: gpg --status-fd=2 -bsau <your GPG key>

(First thing would be to check if your GPG key is correct)

Execute that gpg command again in the command line:

gpg --status-fd=2 -bsau <your GPG key>

👆🏻 Executing this will give you a useful output that will allow you to see what happened in detail 🙌🏼

Check now the possible solutions based on your findings 👀

Some solutions

We can have many problems, but I list what I found and some solutions posted in the thread:

1. It could be that the GPG key was expired: https://stackoverflow.com/a/47561300/532912

2. Another thing could be that the secret key was not set properly (In my case the message said gpg: signing failed: No secret key as it can be see in the image below). It means that is not finding the key that was set. You would need to set up the GPG key in Git (again):

   • List the secret keys available in GPG.

   gpg --list-secret-keys --keyid-format=long

   • Copy your key
   • Set your key for your user in git

   git config --global user.signingkey <your key>

3. Another popular solution that could help was shared here by @NirajanMahara: https://gist.github.com/paolocarrasco/18ca8fe6e63490ae1be23e84a7039374?permalink_comment_id=3767413#gistcomment-3767413

4. A specific and popular solution posted for mac users by @lehaiquantb suggests to install pinentry (I'm not a fan of installing stuff but if you are ok with it):

brew install pinentry-mac
echo "pinentry-program $(which pinentry-mac)" >> ~/.gnupg/gpg-agent.conf
killall gpg-agent

5. You can see in the thread of this gist other ways to find the solution to other problems. I recommend to read the Github guide for signing commits with GPG.

Hope it helps!

If you are on Windows and have used GPG4Win to manage your keys then you need to set the GPG program path.

If you look at where your gpg instance comes from mine looked like

Get-Command gpg | select Source

My gpg path was C:\Program Files (x86)\Gpg4win\..\GnuPG\bin\gpg.exe. That's quite a weird path .

But technically it is the same as "C:\Program Files (x86)\GnuPG\bin\gpg.exe"

So now set GIT to use this path:

git config --global gpg.program "C:\Program Files (x86)\GnuPG\bin\gpg.exe"

Essentially it seemed that the gpg program that was being used was different to the one being run when I used gpg on the command line.

Thanks

Just a heads up for MacOS users, if you configure XDG_CONFIG_HOME in your ~/.zshrc, ~/.bashrc, etc. this can cause issues with GPG signing. Remove it and start a new shell session.

brew install gpg2
export GPG_TTY=$(tty)
gpgconf --launch gpg-agent
gpgconf --launch dirmngr
brew reinstall gnupg
chmod 700 ~/.gnupg
chmod 600 ~/.gnupg/*
gpgconf --kill gpg-agent
gpgconf --kill dirmngr
gpgconf --launch gpg-agent
gpgconf --launch dirmngr
echo "pinentry-program $(which pinentry-mac)" >> ~/.gnupg/gpg-agent.conf
gpgconf --kill gpg-agent
git config --global gpg.program /usr/local/bin/gpg
git config --global commit.gpgsign true
echo "test" | gpg --clearsign

these steps helped me

Everywhere GPG is used this mess arise.
As a result your code IS GARBAGE.
AGAIN.

Thanks ❤️