git - gpg onto mac osx: error: gpg failed to sign the data
S

9

106

I installed GPG from brew.

brew install gpg

It is gnupg2-2.0.30_2.

When I commit, I get an error message:

You need a passphrase to unlock the secret key for
user: "Max Mustermann (mycomment) <[email protected]>"
2048-bit RSA key, ID 1111AAAA, created 2017-01-05 

error: gpg failed to sign the data
fatal: failed to write commit object

I used the command:

gpg --list-secret-keys | grep ^sec

and it gives me back:

sec   2048R/1111AAAA 2017-01-05

Then I used this command:

git config --global user.signingkey 1111AAAA

commit gives me back the same error message.

How can I solve this problem?

Stane answered 6/1, 2017 at 9:0 Comment(5)
Also: #39495131 (Possible duplicate) – Hilaria
And #41053038 (Possible duplicates) – Hilaria
Possible duplicate of gpg failed to sign the data fatal: failed to write commit object [Git 2.10.0] – Pollinate
I had a similar issue, after a year of stable operation, although my GPG key didn't expire. All I had to do was to run gpgconf --kill gpg-agent and it started to work again. – Meninges
Why is this a Stack Overflow question (as opposed to Unix & Linux) at all? This is a command-line tool usage question, not a development question. – Ideogram
E
150

If you’re not getting prompted at all for a passphrase, the solution may just be to install a program to facilitate that. The most common is pinentry.

brew install pinentry-mac

So installing that and trying again may get things working. But if not, another thing to do is make sure git is using/finding the right GPG program. These days you really should be using gpg2, so if you don’t already have that installed, do this:

gpg --version

…and make sure it indicates you have GnuPG version 2+ (not version 1) installed.

If you already have GnuPG 2+ and pinentry installed, then try this:

echo "pinentry-program /usr/local/bin/pinentry-mac" >> ~/.gnupg/gpg-agent.conf

…or, more robustly:

echo "pinentry-program $(which pinentry-mac)" >> ~/.gnupg/gpg-agent.conf

…and then try again.

And you may also need to stop gpg-agent:

gpgconf --kill gpg-agent

You don’t need to manually restart it — it will get restarted automatically when it’s needed.

Note: Some commenters mention needing to reboot after making changes — but it seems likely the only effect of that is to cause gpg-agent to be restarted. So manually killing gpg-agent as described above should be sufficient.

Equity answered 6/1, 2017 at 13:8 Comment(13)
Installing pinentry-mac solved my issue. Thank you! – Sheepshanks
I am having the same issue, despite performing all of these steps. – Endogenous
I followed the above steps but needed a reboot before this worked – Gadfly
MacOS Mojave is the root of all evil. After I upgraded to Mojave all my homebrew apps stopped working including gnupg. I recompiled them all and it started working. – Plumbic
For me restarting the gpg-agent worked so I didn't need to restart: gpgconf --kill gpg-agent – Digenesis
I had to kill gpg-agent and start it again using gpg-agent --daemon – Thissa
I got the error gpg: Sorry, no terminal at all requested - can't get input when trying to use gpg --full-generate-key. If you get this error just remove the line no-tty from ~/.gnupg/gpg.conf or ~/.gnupg/options – Wailoo
I had to restart gpg-agent like @MohammadBanisaeid said – Doug
In my case, git config --global gpg.program gnupg works even though I installed it via homebrew this way: brew install gnupg2 – Burletta
I just ran a brew upgrade, which of course updated only these things: openssl, pinentry, libgcrypt, gnupg (the perfect isolated chaos to break things). It seems after the update I just needed to restart the gpg agent with: gpgconf --kill gpg-agent and then when I went to try and commit again things were fixed 🎉 – Sharolynsharon
Latest homebrew on M1 changes the bin dir, use this: echo "pinentry-program $(which pinentry-mac)" >> ~/.gnupg/gpg-agent.conf – Pariah
In my M1, brew install gpg already gives GnuPG 2. – Enthusiasm
It works! And if you have installed pinentry-mac with brew on the latest MacOS (currently 12.6), it will be installed at /opt/homebrew/bin/pinentry-mac – Taps
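The answer above appends the pinentry-program line with >>, so running it twice leaves duplicate lines, and a path recorded under /usr/local goes stale once Homebrew installs to /opt/homebrew. The following is an added example, not part of the original answer or its comments; check_pinentry_conf and set_pinentry_program are hypothetical helper names that audit the file and write the setting exactly once.

```sh
# Added example (not from the answer). Both function names are hypothetical.
# check_pinentry_conf [FILE] -> status 0 ok, 1 no pinentry-program line,
#   2 configured path not executable, 3 more than one pinentry-program line.
check_pinentry_conf() {
  local conf="${1:-$HOME/.gnupg/gpg-agent.conf}" count=0 prog_path="" line
  [ -r "$conf" ] || { echo "missing: cannot read $conf"; return 1; }
  while IFS= read -r line || [ -n "$line" ]; do
    case "$line" in
      "pinentry-program "*)
        count=$((count + 1))
        prog_path="${line#pinentry-program }" ;;
    esac
  done < "$conf"
  if [ "$count" -eq 0 ]; then
    echo "missing: no pinentry-program line in $conf"; return 1
  elif [ "$count" -gt 1 ]; then
    echo "duplicate: $count pinentry-program lines in $conf"; return 3
  elif [ ! -x "$prog_path" ]; then
    echo "stale: $prog_path is missing or not executable"; return 2
  fi
  echo "ok: $prog_path"
}

# set_pinentry_program FILE PROGRAM: replace any existing pinentry-program
# lines with a single one, instead of appending with >>.
set_pinentry_program() {
  local conf="$1" prog="$2" tmp
  [ -x "$prog" ] || { echo "refusing: $prog is not executable"; return 2; }
  tmp="$(mktemp)" || return 1
  if [ -f "$conf" ]; then
    # Keep every other option; grep exits 1 when nothing is left, which is fine.
    grep -v '^pinentry-program ' "$conf" > "$tmp" || true
  fi
  echo "pinentry-program $prog" >> "$tmp"
  mv "$tmp" "$conf"
}
# After changing the file, restart the agent: gpgconf --kill gpg-agent
```

Typical use: set_pinentry_program ~/.gnupg/gpg-agent.conf "$(which pinentry-mac)" followed by check_pinentry_conf.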
B
92

To anybody who is facing this issue on MacOS machines, try this:

  1. brew uninstall gpg
  2. brew install gpg2
  3. brew install pinentry-mac (if needed)
  4. gpg --full-generate-key Create a key by using an algorithm.
  5. Get generated key by executing: gpg --list-keys
  6. Set the key here git config --global user.signingkey <Key from your list>
  7. git config --global gpg.program /usr/local/bin/gpg
  8. git config --global commit.gpgsign true
  9. If you want to export your Key to GitHub then: gpg --armor --export <key> and add this key to GitHub at GPG keys: https://github.com/settings/keys (with START and END line included)

If the issue still exists:

test -r ~/.bash_profile && echo 'export GPG_TTY=$(tty)' >> ~/.bash_profile

echo 'export GPG_TTY=$(tty)' >> ~/.profile

If the issue still exists:

Install https://gpgtools.org and sign the key that you used by pressing Sign from the menu bar: Key->Sign

If the issue still exists:

Go to your global .gitconfig file, which in my case is at /Users/gent/.gitconfig, and modify the .gitconfig file (please make sure Email and Name are the same as the ones that you used while generating the Key):

[user]
    email = [email protected]
    name = Gent
    signingkey = <YOURKEY>
[gpg]
    program = /usr/local/bin/gpg
[commit]
    gpgsign = true
[filter "lfs"]
    process = git-lfs filter-process
    required = true
    clean = git-lfs clean -- %f
    smudge = git-lfs smudge -- %f
[credential]
    helper = osxkeychain

P.S. I took this answer from my previous answer here: gpg failed to sign the data fatal: failed to write commit object [Git 2.10.0]

Bungalow answered 12/4, 2019 at 7:23 Comment(5)
The GPGTools is what did it for me, it seems that prompts for the passphrase and then adds it into the keychain :) – Sharolynsharon
Thanks man! Far better than the current accepted answer for me – Eristic
Signing using the GPGTools was what did it for me! Isn't there a way to sign the key using gpg cli? – Tudor
Note that "Stack Snippets" are our local JSFiddle equivalent -- they're only for JavaScript, CSS, HTML, and otherwise code that can run in a browser. Use the {} button instead of the snippet button otherwise. – Ideogram
I was missing "gpg --full-generate-key" and this is exactly what the error log was complaining about. Thank you very much for the detailed answer – Firebird
K
9

I had the same error message and found that my key was expired. So it might be a good idea to check your key expiration with:

gpg --list-keys

If your key is expired as well you can adjust the expiration date with:

gpg --edit-key <YOUR_KEY>

and then:

gpg> expire
...enter the new expiration date...
gpg> save
Kailyard answered 24/9, 2019 at 10:30 Comment(1)
Many answers mention using gpg --list-keys to check if a key exists then otherwise create a new one. But nobody says to pay attention to the expiration date. There's a single character difference between [expires: YYYY-MM-DD] and [expired: YYYY-MM-DD] that can easily be overlooked. – Greatgrandaunt
E
2

I ran brew upgrade on macOS and it broke my gpg signing in git, presumably when it updated the gpg package. I assume there's an easier way to force the gpg service to restart correctly (I assume something that was actively running broke when I upgraded the package), but my fix for this was pretty simple: Just restart your computer.

Enzymology answered 8/7, 2021 at 20:58 Comment(2)
Indeed this just happened to me. killall gpg-agent was the process that needed a swift kick in the ... – Prism
@MikeHardy amazing ... I tried everything and this unexpected command just fixed it (got the issue after upgrading to Monterey) – Octameter
M
0

Install GPGSuite instead; it has a GUI for generating the key.

You can see more details here

Misspeak answered 17/6, 2020 at 18:16 Comment(0)
T
0

If you are still getting problems in macOS, open ~/.gitconfig and change anything below [gpg] to program = /usr/local/bin/gpg

Threadfin answered 18/9, 2020 at 13:43 Comment(0)
T
0

In my case the user.signingkey was set wrong. Copying the right signingkey solved the problem.


Thant answered 10/12, 2020 at 10:42 Comment(0)
F
0

If this happens to you after installing Xcode, your git binary may have been replaced. (This particular solution assumes you are managing your git install with homebrew.)

Symptoms:

  1. You are not prompted for a passphrase
  2. Your error message is
    error: gpg failed to sign the data
    fatal: failed to write commit object
    
  3. $ git config --global gpg.program throws an error
  4. You see a system git instead of one installed by homebrew:
    $ which git
    /usr/bin/git # should be /usr/local/bin/git with homebrew
    $ ls -l $(which git)
    -rwxr-xr-x  1 root  wheel  167072 Feb  6  2022 /usr/bin/git
    # should be a symbolic link with homebrew:
    # lrwxr-xr-x  1 user  admin  28 Aug 16 12:11 /usr/local/bin/git -> ../Cellar/git/2.37.2/bin/git
    $ git --version
    git version 2.32.1 (Apple Git-133)
    

In this case the solution is to install or reinstall git with homebrew.

$ brew install git
# <output>
# then restart your terminal
$ ls -l $(which git)
lrwxr-xr-x  1 user  admin  28 Aug 16 12:11 /usr/local/bin/git -> ../Cellar/git/2.37.2/bin/git
$ git --version
git version 2.37.2

Don't forget to restart your terminal.

Facsimile answered 29/8, 2022 at 20:2 Comment(0)
E
0

To solve this issue without killing gpg-agent on every restart:

Check if you have multiple copies of gpg and gpg-agent:

$ which -a gpg-agent
/opt/homebrew/bin/gpg-agent
/usr/local/MacGPG2/bin/gpg-agent

$ which -a gpg
/opt/homebrew/bin/gpg
/usr/local/bin/gpg
/usr/local/bin/gpg

For me, there were some leftover binaries from old Macbook migrations installed by MacGPG2.

Removing those binaries (and symlinks) and checking again to make sure there is only one copy:

$ which -a gpg
/opt/homebrew/bin/gpg

$ which -a gpg-agent
/opt/homebrew/bin/gpg-agent

Then restart your computer one last time.

gpg should sign correctly without needing to kill anything:

$ echo "test" | gpg --clearsign
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

test
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org

iQIzBAEBCgAdFiEE1S8n.....
-----END PGP SIGNATURE-----
Eustoliaeutectic answered 20/2, 2023 at 3:52 Comment(0)
