Login/Register
Git error - gpg failed to sign data
Asked Answered
Solved gitgnupg
K

34

354

I just started using git and I install git and gpg via homebrew. For some reason, I get this error when i do git commit I looked at so many other stackoverflow questions regarding this topic and none of them worked for me. How can I fix this error so that I can upload successfully. 

error: gpg failed to sign the data
fatal: failed to write commit object
Knopp answered 9/12, 2016 at 3:17 Comment(6)
For Mac users. I had this issue. Advice on this page helped me realize I may have two versions of gpg installed and I did. One from brew and one from GPG Suite. I wanted to use the GPG Suite one since it allows for caching passphrase in system keychain. Uninstalling the brew version resolved my issues. Along with @sideshowbarker's answer about killing gpg-agent. So I assume the configurations of each were interfering with one another.Yokoyokohama
Possible duplicate of gpg failed to sign the data fatal: failed to write commit object [Git 2.10.0]Misfile
Possible duplicate of #41502646Crosswise
I just ran into an issue with gpg signing, the problem was that my git repo didn't have it's local gpg.signingkey set, but the gllobal one was. So just set git config --local user.signingkey to the correct key and it'll autosign again. and maybe unset the global one with git config --global --unset user.signingkeyParalyze
Apart from what others said, I also had to make sure that my user.email matched what I entered when generating the key: git config --global user.email 'SAME EMAIL'Casework
I have the same problem on macOS (Ventura). After testing it with echo "test" | gpg --clearsign, I have found out that there is a problem with gpg itself. Therefore, I added export GPG_TTY=$(tty) to .zshrc.Rattlebrained
B
506

For troubleshooting, two things to first try:

  • run gpg --version, and make sure you have GnuPG version 2+ (not version 1) installed
  • run echo "test" | gpg --clearsign, to make sure gpg itself is working

If that all looks all right, one next thing to try:

  • run brew install pinentry to ensure you have a good tool installed for passphrase entry

If after that install, you re-try git commit and still get a "failed to sign the data" error, do:

  • run gpgconf --kill gpg-agent to kill any running agent that might be hung

Otherwise, some basic steps to run to check you’ve got a working GnuPG environment:

  • run gpg -K --keyid-format SHORT, to check that you have at least one key pair that is not expired

If the output of that shows you have no secret key for GnuPG to use, you need to create one:

  • run gpg --gen-key, to have GnuPG walk you through the steps for creating a key pair

If you get an error message saying “Inappropriate ioctl for device”, do this:

  • run export GPG_TTY=$(tty) and/or add that to your ~/.bashrc or ˜/.bash_profile
Butchery answered 9/12, 2016 at 6:6 Comment(20)
I get this error when I run the second command: gpg: no default secret key: No secret key gpg: [stdin]: clearsign failed: No secret keyKnopp
@Knopp That seems to indicate gpg doesn’t think you have any keys to use for signing. See the additional steps I added to the answer; if you’ve never run gpg2 --gen-key before, that’s what you need to do first.Butchery
When I run that command it gives me: gpg: Sorry, no terminal at all requested - can't get input. UPDATE: I deleted no-tty from ~/.gnupg/gpg.conf and it looks like its working. Ill update you if it does or doesn't workKnopp
Ok, I set up my email stuff. It still doesn't work though. It gives me the same errorKnopp
when I run echo "test" | gpg2 --clearsign, it gives me: gpg-agent[-]: command get_passphrase failed: Inappropriate ioctl for device gpg: problem with the agent: Inappropriate ioctl for device gpg: no default secret key: Operation cancelled gpg: [stdin]: clearsign failed: Operation cancelled. I've tried so many other possibilites, but none work. Is there a way to use GIT without GPG!Knopp
You might try export GPG_TTY=$(tty). As far as if there’s a way to use git without gpg, you should be able to do that by default or else just by running git config --global commit.gpgsign false to globally unset gpg signing of your commits.Butchery
sorry for the late response. I appreciate your help, but the way I fixed it was to delete the gpg configuration from my git.Knopp
A brew install pinentry-mac, updating ~/.gpg/gpg-agent.conf to use it and then gpgconf --kill gpg-agent did the trick. Thank you for the pointers.Salify
this part ( git config --global gpg.program gpg2) has been saved my life! :)Justajustemilieu
Here in Mac OS X, I started to debug with echo "test" | gpg2 --clearsign, found an error and it leads me to this thread, which solved my problem: I just put an export GPG_TTY=$(tty) into my ˜/.bash_profile file and then reloaded with source ˜/.bash_profileLashaunda
I was missing he export GPG_TTY=$(tty) part. I'm guessing when i installed gpg, that session had GPG_TTY set, so as soon as I started a new session I lost it. Thanks for such a comprehensive fix all for gpg :DNaturalize
My problem is that I have a Git repository owned by the root user that I can access with sudo. Normally in order to use this repo, I use sudo -E git .... However it does not appear that gpg can sign this repository with my own keys. What's the solution for when you use gpg signing but you're on a repository owned by the root user that you access through sudo?Leonaleonanie
When running the echo test command I get gpg: signing failed: Screen or window too small. Why is there a minimum window size and how do I bypass this check?Disentitle
For those interested in gpg2: In contrast to the standalone version gpg, which is more suited for server and embedded platforms, this version is installed under the name gpg2 and more targeted to the desktop as it requires several other modules to be installed.Selestina
gpgconf --kill gpg-agent <-- This is what I needed. Thank you!!Hildahildagard
My issue was simple and silly: I had mistyped my git config --global user.signingkey command and thus had the wrong key in. This guide helped a lot to eliminate errors, but I would have solved it even quicker if had just looked at cat ~/.gitconfigReexamine
this echo "test" | gpg --clearsign got me on the right track. my code was failing on gpg signing, but running that gave me the following output: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 test gpg: signing failed: Screen or window too small gpg: [stdin]: clear-sign failed: Screen or window too small so i increased the size of the terminal window et voilå :-PCoarsen
Can I add one to your list? I have had signing fail because my terminal window was too small in the past.Eggcup
I'm using oh-my-zsh and the export GPG_TTY=$(tty) finally did it for me! Thank you kind manRaffinate
also in case wonderng to check the signatures it's possible to use git show --show-signature -s or git log --show-signatureEpicycloid
H
171

Git needs to know which key it is signing with.

After you have setup GPG, gpg-agent, and your gpg.conf files (see this guide), you need to run

git config --global user.signingKey EB11C755

Obviously, replace the public key at the end with your own. If you want every commit to be signed by default, use

git config --global commit.gpgsign true

$ gpg2 -K --keyid-format SHORT          # <-- Shows your keys, e.g.:
/home/<username>/.gnupg/pubring.kbx
-------------------------------
sec   rsa4096/0754B01E 2019-02-02 [SCA]             <--secret key
      C396BF3771782D7691B0641145E11B080754B01E
uid         [ultimate] John Doe <[email protected]>
ssb   rsa4096/A20AB8EC 2019-02-02 [E]               <--public key

sec   rsa4096/25C504D5 2019-02-02 [SCA] [revoked: 2020-06-01]
      08BFF49B9E07E4B4B0C4946B645B6C1425C504D5
uid         [ revoked] John Doe <[email protected]>
uid         [ revoked] [jpeg image of size 2670]

Where A20AB8EC is the key ID you're looking for from this example.

Hereat answered 22/3, 2017 at 3:38 Comment(6)
I just ran into this in case anyone else was foolish enough to do what I did: Make sure you spell it "signingkey" and not "signinkey".Jorry
literally this comment by @Jorry did it for me. I had spelled it "signkey" instead of "signingkey"Ardyth
The accepted answer should cite this as the first troubleshooting step, because sometimes you have all your keys already in place, it's just git forgets which key to use.Angadreme
If you are still getting this error try unsetting your local config with git config --local --unset user.signingkey and git config --local --unset commit.gpgsign. I had a different, invalid, key set as my local key and that was causing this error.Blacken
This helped me solve it, by changing my signing key!Reinke
on macos, it should be signingkey not signingKey with camel case.Honeyman
S
94

I am using it. It has support for zsh and works on Windows Subsystem for Linux:

export GPG_TTY=$(tty)

Other users have confirmed that above is the only change required for MacOS (e.g. Catalina 10.15.7). For Macs add above to ~/.zshrc.

Proved to work also in Linux containers in Windows with WSL2.

Spite answered 21/2, 2019 at 14:12 Comment(8)
I'm using zsh on MacOS Catalina and this was the only change I needed to get it to work. Thanks.Unpeg
I was receiving the error in the OP after copying my keys to my WSL environment, turns out I needed to do this to provide a prompt for the passphrase on the key. Thanks.Deadlock
this was also the solution on Ubuntu over SSHSelestina
Over SSH you might need to find your ssh tty (echo $SSH_TTY) and use that for GPG_TTY too.Drews
This worked perfectly for me on RHEL 8.3. GPG_TTY=$SSH_TTY git commit ... did the trick.Bohun
You're a lifesaver! I put this into my profile and now I can sign commits whenever I want.Ramos
i have checked at this link: gnupg.org/documentation/manuals/gnupg/… and added two lines first="GPG_TTY=$(tty)" second="export GPG_TTY" it works nowGiamo
When using Fish it's : export GPG_TTY='(tty)'Forked
T
68

Somehow your git is configured to GPG sign every commit. Signing with GPG isn't required to commit or push using git. It's likely giving the error because your gpg signing mechanism isn't configured yet.

If you're new to git, try to get it working first without GPG signing at first, then add signing in later if you really need it.

You can verify how your git is configured with regards to gpg by doing:

git config -l | grep gpg

Which may produce zero or more lines, including:

commit.gpgsign=true

If "commit.gpgsign" is true, then you have gpg signing enabled. Disable it with:

git config --global --unset commit.gpgsign

Then try to run your commit again. It should now run without gpg signing. After you get the basic git working, then you should try adding gpg signing back to the mix.

Tangleberry answered 27/2, 2017 at 0:23 Comment(4)
Awesome! git config --global --unset commit.gpgsign worked for me :)Schnitzel
This works lol as there is now no feature for gpg signing so, i upvoteOloughlin
Kudos! I disabled globally and still stuck , then I grep all and noticed it is still enabled locally git config -l | grep gpg God bless you!Offside
Very helpful answer for diagnosis. I'm returning to git after a long hiatus and some of my remembered settings and configurations needed updating.Burrton
A
55

Check for your key to be expired. Once you fix the expiration date (no need to create a new key unless you want to), git will work as normal.

One way to fix the expired key:

(Note: $ represents command line prompt, type the commands after the prompt; press Enter after each command)

$ gpg2 --list-keys to find the appropriate key id (characters after \ on pub line)

$ gpg2 --edit-key <key id> - this opens the gpg shell, with prompt changed to gpg>

gpg> expire - follow instructions to set new expiration date for primary key

Next, if there are subkeys that are expired (sub shows on the line), reset their expiration dates, too:

gpg> key 1 - selects first subkey
gpg> expire - follow instructions to set new expiration date for subkey

Repeat for each subsequent subkey, as needed.

gpg> save - saves the expiration dates changes

Amylum answered 2/5, 2017 at 1:3 Comment(4)
I have had this problem every time I've tried to run a gpg key that didn't have an expiration date. For some reason git doesn't like that. Using this method to add an expiration date (no matter how far in the future) seems to solve the problem.Gresham
Don't forget to type save at the gpg prompt when you're done!Converge
Another way to fix: run "gpg keychain" app (if you use it). If a key is expired it will ask you if you want to renew it, click on "yes".Hemolysis
On Ubuntu, gpg may be enough for the command (no need for gpg2.Winfield
T
54

Refer to @sideshowbarker, and @Xavier Ho solution, I solved my problem via following steps.

Assume gpg2 installed by brew,

git config --global gpg.program gpg2
brew install pinentry
gpgconf --kill gpg-agent
gpg2 -K --keyid-format SHORT
// no key found then generate new one
gpg2 --gen-key

gpg2 -K --keyid-format SHORT

.../.gnupg/pubring.gpg

sec rsa2048/0A61C6FC 2017-06-29 [SC] [expires: 2019-06-29]

git config --global user.signingkey 0A61C6FC

Reminded by my colleague, need to append

export GPG_TTY=$(tty)

to ~/.zshrc if using zsh, else append to ~/.bash_profile

For macOS,

the gpg2 is combined with gpg in brew and hence the gpg command is pointed to gpg2

brew install gpg2

brew info gpg

gnupg: stable 2.2.6 (bottled)

git config --global gpg.program gpg
gpg -K --keyid-format SHORT

and there has pinentry-mac for passphrase entry

brew install pinentry-mac
vim ~/.gnupg/gpg-agent.conf

Add line

pinentry-program /usr/local/bin/pinentry-mac

Reminded by my colleague, need to append

export GPG_TTY=$(tty)

to ~/.zshrc if using zsh, else append to ~/.bash_profile

Troublous answered 29/6, 2017 at 17:34 Comment(4)
macOS 10.15 (Catalina) ships with GnuPG version 2.2.17 so there's no need to install it separately unless you plan to manage updates on your own.Lepidote
For macOS users: fell free to create the ~/.gnupg/gpg-agent.conf file if it doesn't exist.Chambray
That setting export GPG_TTY=$(tty) helped for Windows 10 Ubuntu WSL as wellSukey
on macOS 11.5 zsh. happened after gpg upgrade. agent was already running and there was actually a version mismatch. kill agent did the trick! tyIsentropic
I
23

Solution:

Issue: Disabled loopback pinentry mode

To solve the problem, you need to enable loopback pinentry mode in ~/.gnupg/gpg.conf:

cat <<'EOF' >> ~/.gnupg/gpg.conf

use-agent 
pinentry-mode loopback

EOF

And also in ~/.gnupg/gpg-agent.conf (create the file if it doesn't already exist):

cat <<'EOF' >> ~/.gnupg/gpg-agent.conf

allow-loopback-pinentry

EOF

Then restart the agent with echo RELOADAGENT | gpg-connect-agent and you should be good to go!

Source

Inebriant answered 20/4, 2020 at 3:53 Comment(4)
Wow, after spending hours trying every possible solutions, this fixed my problem, thanks!Adrial
You're welcome. Thanks to the source actually. I was stuck with this too.Inebriant
I was having a very hard time getting anything else to work during a SSH session and this fixed it. Thank you!Yellowknife
This answer is the solution to my problem!Indemnify
B
10

This worked for me on ubuntu 18.04

Check your gpg key

gpg -K --keyid-format LONG

if you get a blank response ,generate a GPG key

gpg --generate-key

rerun the first command, you should get an output as:

sec   rsa3072/95A854E0593B3214 2019-05-06 [SC] [expires: 2021-05-05]
      AF2F7514568DC26B0EB97B9595A854E0593B74D8
uid                 [ultimate] yourname<your_email>
ssb   rsa3072/EFD326E6C611117C 2019-05-06 [E] [expires: 2021-05-05]

set git signing key

git config --global user.signingkey 95A854E0593B3214

then you are good to go! (--global is optional)

Alternatively if you don't mind signing with your ssh key

git config commit.gpgsign false

note that this is not recommended due to a security issue according to this question here and here

Barbarous answered 6/5, 2019 at 13:3 Comment(2)
"Alternatively if you dont mind signing with your ssh key" what does ssh have to do with signing?Wilder
SSH doesn't have anything to do with signing commits. They are referring to turning off GPG commit signing, and depending on using SSH keys to authenticate when you actually push your commits to a git server. You can push (and it is quite common) to push unsigned commits using SSH authentication.Glen
S
10

I had to fix the gpg.program to the absolute path to gpg:

git config --global gpg.program "C:\Program Files (x86)\GnuPG\bin\gpg.exe"

I am using Windows with cygwin.

Subtangent answered 4/11, 2019 at 12:9 Comment(4)
This was the solution for me. I have installed gnupg using chocolatey.Bawdy
Thanks, worked for me too. I had done choco install gpg4winTelephone
You save my day! Thank you!Roesler
This fixed problem for me, with cygwin and gpg2 installed.Wystand
S
8

If it used to work and just stated failing, kill the agent and try again:

gpgconf --kill gpg-agent

Check if the agent is up again:

echo "test" | gpg --clearsign
Solicitous answered 6/4, 2021 at 8:37 Comment(0)
I
7

If you had your pinentry and gpg setup up before, and it stopped working out of nowhere:

Check if your gpg works:

echo "test" | gpg --clearsign

If it says gpg: signing failed: No pinentry, just restart the gpg daemon client, which gets stuck from time to time:

gpgconf --kill gpg-agent

Now it should be working:

echo "test" | gpg --clearsign
Idealistic answered 7/5, 2020 at 8:43 Comment(1)
Thank you! This was all that was needed for me after verifying that gpg signing key was not expired.Argentum
P
6

Use GIT_TRACE=1 to see where Git failed then check all custom configurations used by Git and where they are defined then override according to your need with :

GIT_TRACE=1 git commit -S -m "this will tell you wich intern git command failed"

git config --list --show-scope --show-origin

For me I had the error: gpg failed to sign the data and fatal: failed to write commit object because Git was using smimesign by default for some reason, even if I unset gpg.x509.program key, and smimesign couldn't find my key.

So I had to explicitly tell Git to use gpg instead :

git config --local gpg.x509.program gpg
Plaided answered 13/5, 2021 at 20:19 Comment(1)
Good call on the GIT_TRACE. It showed me the failing gpg command line it was running. When I ran it manually, that showed me the "Unusable secret key" that it skipped.Carom
S
4

I experienced this problem after upgrading to gnupg 2.x. It would seen that gpg2 is referencing keys differently: I still had signingkey = ABC98F11 (gpg v1 setting) in my ~/.gitconfig. The key identifiers for gpg2 are longer. Look them up with gpg --list-secret-keys

Schellens answered 11/10, 2017 at 8:54 Comment(0)
A
3

This error can also occur when your GPG key has expired. Generating a new key and adding it to Git should resolve this.

Airily answered 4/5, 2017 at 4:34 Comment(0)
B
2

For me this error started to occur with git tag -s on Debian GNU/Linux when I switched from pinentry-gnome3 to pinentry-curses (using update-alternatives --config pinentry) for easier remote access. It only occurred with git tag -s, not with gpg (e.g. gpg --clearsign) itself.

The sole change necessary to get it working again in this case was to add export GPG_TTY=$(tty) to my shell startup files.

I though didn't get the “Inappropriate ioctl for device” error message mentioned as indicator for this fix in another answer to this question.

Note: Since the cause for getting this error was a completely different one than for those who suggested export GPG_TTY=$(tty) before (usually as a side hint) in other answers to this question, I decided this question needs another answer which mentions that export GPG_TTY=$(tty) may be the main fix and sole thing necessary in some cases.

Bagby answered 23/3, 2018 at 9:36 Comment(2)
Thanks! update-alternatives --config pinentry did it for me. I am SSH'd into my desktop and pinentry was set to /usr/bin/pinentry-gnome3 (which should have a TTY fallback when SSH'd in or when switched to a virtual console). But it wasn't working, apparently. Setting the default to /usr/bin/pinentry-tty did the trick for me. I might have to set it back when I get back to my desktop, but, for now, I'm good. export GPG_TTY=$(tty) was not enough. I did it but needed to switch pinentry before I was able to sign my commit.Weeden
Depending on whether you are using an alternatives setup or not - (in my case not, as I am on FreeBSD) - you might need to tweak what pinentry is linked to. I was in a KDE Desktop environment and that link was pointing to pinentry-tty and I was getting the same error as the OP. However changing it to be a link to pinentry-qt5 made things "work" - which is fortunate as I am using an OpenGPG smart-card and some elements of the signing (& encryption!) setup are not physically accessible!Haunting
R
2

In my case, this error occurred when running git commit on a small tmux window that was not able to fit the passphrase prompt. 

$ echo "test" | gpg --clearsign
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

test
gpg: signing failed: Screen or window too small
gpg: [stdin]: clear-sign failed: Screen or window too small
Rollerskate answered 11/5, 2020 at 20:31 Comment(2)
Yeah this one is a doosey!Inlier
This should be the top answer because it's easiest to resolve quickly lolEggcup
P
1

I had made a git key with 3 separate keys for certify / sign / encrypt & the key showed as expired in the future (after working fine for a few days):

pub   rsa4096/4CD1E9DA 2017-04-26 [C] [expired: 2017-04-28]
      Key fingerprint = 4670 59C1 7592 08B8 7FA5  313B 2A42 B6A6 4CD1 E9DA
uid         [ expired] Stuart Cardall (GIT Development Keys) <xxxxxx>
sub   rsa4096/5195E715 2017-04-26 [E] [expired: 2019-04-26]
sub   rsa4096/DB74C297 2017-04-26 [S] [expired: 2019-04-26]
sub   rsa2048/A3913A3C 2017-04-28 [] [expired: never     ]

made a new key without adding separate subkeys to solve the problem.

Psyche answered 28/4, 2017 at 22:56 Comment(0)
B
1

What solved it for me was making sure the key's name matched my git user name. I assume the emails have to match too. This might have to do with me using GPG KeyChain on my Mac. Not sure.

I thought I was naming the key when I filled this out, but I guess it was asking for my name (git user name).

GPG Keychain form

Benito answered 6/1, 2020 at 18:31 Comment(1)
It's a pity this answer is so far down behind that many will not get here looking for their issue.Emelia
P
1

I had this error on macos - to try and troubleshoot I tried listing keys to see if they had expired using gpg2 --list-keys - I verified that the keys had not expired and that the proper key were set in my config using git config --global user.signingkey.

After I had run those commands I was suddenly able to do signed commits again without problems. I did not change my config files or keys - I did not even create a fresh Terminal instance. It just seemed like the gpg2 was somehow in a weird state on my mac.

Prose answered 30/3, 2020 at 17:41 Comment(0)
T
1

In my case, I had to match the name stored in GitHub settings to the name and comment of the key.

So if gpg --list-keys returns uid [ultimate] Joe Blogs (fancy comment) <[email protected]> your name in .gitconfig should be Joe Blogs (fancy comment).

Initially, I had my name set as Joe Blogs and GPG would not find my key and show the "no secret key" error in strace. Unfortunately, that error didn't appear without strace and one would get the generic

error: gpg failed to sign the data
fatal: failed to write commit object
Trug answered 8/9, 2020 at 11:59 Comment(0)
S
1

After searching a lot, I found that gpg key was the issue in my case.

You can try running gpg --status-fd=2 -bsau <your GPG key> if your GPG key is correct.

To update your correct key, do the following: check key using: gpg --list-secret-keys --keyid-format=long

It should have the following output:

/Users/hubot/.gnupg/secring.gpg
------------------------------------
sec   4096R/3AA5C34371567BD2 2016-03-10 [expires: 2017-03-10]
uid                          Hubot 
ssb   4096R/42B317FD4BA89E7A 2016-03-10

And then update the key using:

git config --global user.signingkey 3AA5C34371567BD2

Now check the commit again and it should success if key was the issue. You need to set the passphrase to update the key which you can do using GitHub docs.

More details are at: https://gist.github.com/paolocarrasco/18ca8fe6e63490ae1be23e84a7039374

Stichometry answered 12/1, 2022 at 9:52 Comment(0)
P
0

May be your Git config was set gpgsign = true. Try to set it to false if you dont want asign your commits. Go to your repository folder and change the file

nano .git/config

From this...

[core]
    repositoryformatversion = 0
    filemode = true
    bare = false
    logallrefupdates = true
[remote "origin"]
    url = [email protected]:yourrepo/project.git
    fetch = +refs/heads/*:refs/remotes/origin/*
[branch "master"]
    remote = origin
    merge = refs/heads/master
[user]
    signingkey = <GPG-KEY>
[commit]
    gpgsign = true

To this...

[core]
    repositoryformatversion = 0
    filemode = true
    bare = false
    logallrefupdates = true
[remote "origin"]
    url = [email protected]:yourrepo/project.git
    fetch = +refs/heads/*:refs/remotes/origin/*
[branch "master"]
    remote = origin
    merge = refs/heads/master
[user]
    signingkey = <GPG-KEY>
[commit]
    gpgsign = false
Papillose answered 13/7, 2017 at 21:54 Comment(0)
F
0

I solved the problem installing brew install gpg2 then doing git config --global gpg.program gpg2

Fishery answered 9/5, 2018 at 3:29 Comment(0)
R
0

Same error can also be caused when you have expired key in your git config.

Please check the content of cat .git/config and look for signingkey value and check if it is expired. If yes update it with the new one.

Roseroseann answered 10/2, 2020 at 7:49 Comment(0)
B
0

If you are using smart card/yubikey to store your GPG key and you set the signkey of git config by the key stored in the card (and all the answer above seem not to resolve your issue), your blocked PIN of the card might be the root cause of this issue.

To check the blocked PIN:

gpg --card-status

If the counter is similar to 

Reader ...........: Yubico YubiKey
PIN retry counter : 3 0 3

Then your PIN is blocked (after 3 unsuccessful tries).

To unblock the PIN:

gpg --card-edit
gpg/card> admin
Admin commands are allowed

gpg/card> passwd
gpg: OpenPGP card no. … detected

1 - change PIN
2 - unblock PIN
3 - change Admin PIN
4 - set the Reset Code
Q - quit

Your selection? 2
PIN unblocked and new PIN set.

1 - change PIN
2 - unblock PIN
3 - change Admin PIN
4 - set the Reset Code
Q - quit

Your selection? q
Binni answered 16/3, 2020 at 8:19 Comment(0)
W
0

For me a simple brew unintstall gnupg && brew cask reinstall gpg-suite solves the issue.

It uninstalls the (in my case) manually homebrew-istalled gpg and reinstalls the whole GPG Suite.

Westfalen answered 27/4, 2020 at 21:38 Comment(0)
O
0

In my case, I had mixed gpg configuration and smimesign configuration given in the commit signing documentation here: https://help.github.com/en/github/authenticating-to-github/telling-git-about-your-signing-key

After working on it for hours, I found the best way to correct it was unset everything related to gpg, and reconfiguring gpg.

As mentioned in @Jason Thrasher's answer, find all the git config related to gpg using:

git config -l | grep gpg

Then unset everything golablly as well as locally using:

git config --global --unset <config_name>
git config --local --unset <config_name>

Then reconfigure following the official documentation given above. Hope this helps.

Olivero answered 4/5, 2020 at 6:50 Comment(1)
Also, I am using gpg2Olivero
V
0

I had this issue just now when VSCode updated. I figured the GPG agent was hanging, as the command took a good few seconds to run before erroring out. Running gpgconf --kill gpg-agent reset that and fixed it for me.

Viand answered 25/9, 2020 at 16:44 Comment(4)
When you do that gpg-agent just starts again next time you sign something with GPG.Schwarz
@Schwarz That's the point. I just needed to kill it to get it out of whatever rut it was in, and when it started up again it worked fine.Viand
I don't know why off-and-on-again works when it does, but it does. ¯\_(ツ)_/¯Viand
Thank you, VSCode was not able to get the password to signin the commit. After restarting the agent as suggested it worked.Monasticism
S
0

For my Linux system with a GUI and gpg 2.2.19, neither killing gpg-agent (which starts itself again), unsetting $DISPLAY or setting $GPG_TTY worked for me because it was trying to use pinentry-gnome to ask for the password from the console. And my key had not expired.

From a SuperUser answer for a similar question, How to force GPG to use console-mode pinentry to prompt for passwords?, the problem can also occur if your system has a GUI such as GNOME, and your package manager is configured to use a GUI pinentry program, which is the reason why it’s hanging.

I had to switch to pinentry-tty to get GPG to sign messages again. On Ubuntu, this can be done using steps from the link which I will quote here:

sudo apt install pinentry-tty
sudo update-alternatives --config pinentry

The second command will show you a list of pinentry programs and ask you to type a number to select one, so type the one corresponding to pinentry-tty, and then without any additional effort, signing messages (and git commits) should work again.

Schwarz answered 16/2, 2021 at 22:23 Comment(0)
S
0

I had this issue on both linux/windows platforms and in my case I just needed to pay more careful attention to the output. This was mind-boggling because I could use the same setup to sign commits in other repos.

git commit -m "test signing"
gpg: skipped "***63231079***": No secret key
gpg: signing failed: No secret key
error: gpg failed to sign the data
fatal: failed to write commit object

I added emphasis on the "skipped" line. Please note that sometimes when you clone a repo they had a key assigned: this issue had me so befuddled that I nuked the forked repo I had access to and re-forked on github. Then because I was thinking "global config" I never thought to look at the local repo config, and when I did I noticed this:

[user]
    signingkey = 63231079

Well, of course it wouldn't work nimrod, git defaults to local settings first so that's why your key never picked up. I set the pointer via git config and It's worked ever since.

Socratic answered 27/3, 2021 at 16:38 Comment(0)
A
0

What is gpg: GNU Privacy Guard

usage:

GPG is an excellent method to ensure secure communication between two parties. It allows sensitive information to be easily shared across an insecure network.

Simple solution:

Step1: check if the key is expired please do

gpg -K --keyid-format SHORT

Step2: In case its not expired

git config --global user.signingkey

Agonist answered 12/5, 2021 at 6:45 Comment(0)
Y
0

If you are using windows powershell(5.1+), I guess this command will work.

  1. get gpg program path with this command.
(Get-Command gpg).Path
  1. after get path, copy path.
  2. use this command
git config gpg.program <your path>

try to commit. Happy coding!!!

Yap answered 10/6, 2022 at 19:22 Comment(0)
M
-2

Fail-safe option that worked for me: reboot my machine.

It's heavy handed, and it probably won't stop the problem from popping up again eventually. But I had the same problem, tried solutions from just about every answer, no luck.

Adding it here in the hopes that it unblocks someone else in my situation :)

Midget answered 12/3, 2022 at 4:41 Comment(2)
Not sure why you got downvoted, it had been working for literal years for me and suddenly stopped working. I tried every answer to this question and nothing worked (and gpg --clearsign worked fine). Rebooted and it worked again.Boomkin
Even this didn't help meHausa
R
-8

This will help you to get rid of it

git config commit.gpgsign false

Ritter answered 12/7, 2018 at 10:51 Comment(2)
I don't understand the down vote, it solved the proposed issue like a charm for me.Nide
This command should be avoided. It will only remove the requirement to sign the git commit, not resolve the issue of authenticating the person who is making the commit.Cowshed

© 2022 - 2024 — McMap. All rights reserved.