Gpg failed to sign data fatal: failed to write commit object [Git 2.10.0]

I have DONE through this short and simple recipe:

The automatic sign is fixed on MacOS (globally and with different IDEs):

Get signingkey in this way .

 brew install gnupg gnupg2 pinentry-mac git config --global user.signingkey <YOUR_SIGNING_KEY> git config --global commit.gpgsign true git config --global gpg.program gpg 

Place the following in the gpg.conf file (edit the file using the nano ~/.gnupg/gpg.conf ):

 no-tty 

Place the following in the gpg-agent.conf file (edit the file using the nano ~/.gnupg/gpg-agent.conf ):

 pinentry-program /usr/local/bin/pinentry-mac 

May help in the process of killing gpg-agent , which may depend on old data. So the new gpg-agent would start asking for a password

Follow the URL below to configure the signed commit https://help.github.com/en/articles/telling-git-about-your-signing-key

if still getting gpg failed to sign data fatally: failed to write commit object

this is not a problem with Git, this is with GPG follow the instructions below

1. gpg --version

2. echo "test" | gpg --clearsign

if it shows:

 gpg: signing failed: Inappropriate ioctl for device gpg: [stdin]: clear-sign failed: Inappropriate ioctl for device 

3. then use export GPG_TTY=$(tty)

4. then try echo "test" | gpg --clearsign again echo "test" | gpg --clearsign echo "test" | gpg --clearsign in which the PGP signature is received.

5. git config -l | grep gpg

gpg.program = GPG commit.gpgsign = true

6. apply git commit -S -m "commitMsz"

My two cents are here:

When you create and add a key to gpg-agent, you define something called passphrase . Now that passphrase expires at some point, gpg needs you to passphrase it again to unlock the key so that you can start signing again.

When you use any other program that interacts with gpg , gpg prompts you to enter your passphrase (basically, gpg-agent cannot show you the input dialog in stdin when demonized).

One solution is gpg --sign a_file.txt then enter the passphrase that you entered when creating the key, and then everything should be fine ( gpg-agent should automatically sign)

See this answer on how to set longer timeouts for your passphrase so you don't have to do this all the time.

Or you can completely remove the passphrase using ssh-keygen -p

Anyone who encounters this issue on MacOS computers try this:

1. brew uninstall gpg
2. brew install gpg2
3. brew install pinentry-mac (if necessary)
4. gpg --full-generate-key Create a key using an algorithm.
5. Get the generated key by running: gpg --list-keys
6. Set the git config --global user.signingkey <Key from your list> key here git config --global user.signingkey <Key from your list>
7. git config --global gpg.program/usr/local/bin/gpg
8. git config --global commit.gpgsign true
9. If you want to export your key to GitHub, then: gpg --armor --export <key> and add this key to GitHub in the GPG keys: https://github.com/settings/keys (with gpg --armor --export <key> START and END)

If the problem still exists:

test -r ~/.bash_profile && echo 'export GPG_TTY=$(tty)' >> ~/.bash_profile

echo 'export GPG_TTY=$(tty)' >> ~/.profile

If the problem still exists:

Install https://gpgtools.org and sign the key that you used by clicking Sign in the menu bar: Key → Sign

If the problem still exists:

Go to: Your global .gitconfig file, which in my case is: /Users/gent/.gitconfig And change the .gitconfig file (please make sure the e-mail and name are the same as the one you created the Key Generation time):

 [user] email = gent@youremail.com name = Gent signingkey = <YOURKEY> [gpg] program = /usr/local/bin/gpg [commit] gpsign = true gpgsign = true [filter "lfs"] process = git-lfs filter-process required = true clean = git-lfs clean -- %f smudge = git-lfs smudge -- %f [credential] helper = osxkeychain 

October 2016 Update: Issue 871 mentioned: "Signing stopped working in Git 2.9.3"

Git for Windows 2.10.1 , released two days ago (October 4, 2016), fixed a subscription to the Interactive GPG commits and tag.

A recent change in the gpg sign in Git (which does not present a problem on Linux) causes a problem in how, on Windows, non-MSYS2-git interacts with MSYS2-gpg.

Original answer:

Reading " 7.4 Git Tools - Signing Your Work, " I assume you have your user.signingkey . "

The last big refactoring (before Git 2.10) around gpg was in commit 2f47eae2a , here the error message was ported to gpg-interface.c

The log in this file shows a recent change to commit af2b21e (Git 2.10)

gpg2 already uses the long default format, but most distributions still have "gpg" an older version 1.x due to compatibility reasons. And older versions of gpg only show a 32-bit short identifier, which is pretty unsafe.

It does not matter for the verification itself: if the verification passes, the pgp signature is good.
But if you don’t do it, there really is still a key, and you want to get it, or you want to check exactly which key was used to check and want to check it, we must specify the key with greater accuracy.

So, check how you specified the user.signingkey configuration and the version of gpg you are using (gpg1 or gpg2) to see if these messages affect the error.

There is also commit 0581b54 that modifies the condition of the gpg failed to sign the data error message (in addition to commit 0d2b664 ):

We do not currently read stderr. However, we will want a future patch, so this also prepares us there (in which case gpg writes before reading the entire input, although, again, it is unlikely that the key uid will fill the buffer buffer).

Commit 4322353 shows that gpg is now using a temporary file, so problems can occur.

Allow conversion to a tempfile object that handles hard cases for us, and add the missing cleanup call.

Using cygwin, I recently switched to gpg2 . Then I had the same problem for signing with git after installing git config gpg.program gpg2 .

Try echo "test" | gpg2 --clearsign echo "test" | gpg2 --clearsign see if gpg2 works. I found this the easiest solution just by installing git config gpg.program gpg because it works. But you will also get a better error this way - for example, you need to install pinentry.

This bastard was very indicative of my situation ...

  GIT_TRACE=1 git commit -m "a commit message" 

  13:45:39.940081 git.c:344 trace: built-in: git commit -m 'a commit message' 13:45:39.977999 run-command.c:640 trace: run_command: gpg --status-fd=2 -bsau 'full name <your-email@domain.com>' error: gpg failed to sign the data fatal: failed to write commit object 

I needed to generate the initial key according to the format that git checked. It is best to copy the value passed to -bsau above in the logs, as is, and use below.

And so it becomes

  gpg --quick-generate-key "full name <your-email@domain.com>" 

Then it worked.

Hope this helps.

I ran into the same problem. I am pleased to report that the problem is not in git 2.10.0 , but in gnupg 1.4.21 .

Temporarily lowering gnupg to 1.4.20 fixed the problem for me.

If you use homebrew and you have updated your packages like me, you can simply run brew switch gnupg 1.4.20 to go back.

Maybe a stuck gpg agent.

Try gpgconf --kill gpg-agent as described here

Make sure your email address is set correctly.

 git config --global user.email "user@example.com" 

If the email address associated with your GPG key is different from the email address you use in git, you need to add another user ID to your key or use a key that exactly matches the address.

You can add another UID using:

$ gpg --edit-key

See for mo https://superuser.com/questions/293184/one-gnupg-pgp-key-pair-two-emails

I must have somehow accidentally updated gpg because I got this after trying to check if gpg works:

 gpg: WARNING: server 'gpg-agent' is older than us (2.1.21 < 2.2.10) gpg: Note: Outdated servers may lack important security fixes. gpg: Note: Use the command "gpgconf --kill all" to restart them. 

Running gpgconf --kill all fixed for me.

Hope this helps someone.

I got this error on Ubuntu 18.04, and it turned out that my key has expired .

To see this, I ran this and confirmed that my keys were expired:

 gpg --list-keys 

To fix this, I ran (using the identifier specified in the previous command):

 gpg --edit-key <ID> 

From there I extended the validity of key 0 and key 1 , following these instructions , which came down to entering key 0 , then expire and following the prompts. Then repeat for key 1 .

Then, to check this, I ran:

 echo test | gpg --clearsign 

And before the correction, an error occurred:

gpg: no default secret key: No secret key
gpg: [stdin]: clear-sign failed: No secret key

But after the correction, the same team successfully signed the message, so I knew that everything was working again!

I had a similar problem with the latest Git sources (2.12.2) built together with the latest sources of all its dependencies (Zlib, Bzip, cURL, PCRE, ReadLine, IDN2, iConv, Unistring, etc.).

Turns out libreadline giving GnuPG problems:

 $ gpg --version gpg: symbol lookup error: /usr/local/lib/libreadline.so.7: undefined symbol: UP 

And, of course, the attempt to get useful information from Git with -vvv failed, so the failure was a mystery.

To resolve PGP error due to ReadLine, follow the instructions in Unable to update or use package manager - gpg error :

In terminal:

 ls /usr/local/lib 

there was a bunch of readline libs (libreadline.so.BLAH-BLAH) so i:

 su mkdir temp mv /usr/local/lib/libreadline* temp ldconfig 

The answers above are excellent, but they didn’t work for me. What solved my problem was the export of public and private keys.

list the keys from the machine with which we export

 $ gpg --list-keys /home/user/.gnupg/pubring.gpg -------------------------------- pub 1024D/ABCDFE01 2008-04-13 uid firstname lastname (description) <email@example.com> sub 2048g/DEFABC01 2008-04-13 

export keys

 $ gpg --output mygpgkey_pub.gpg --armor --export ABCDFE01 $ gpg --output mygpgkey_sec.gpg --armor --export-secret-key ABCDFE01 

go to the machine we import and import

 $ gpg --import ~/mygpgkey_pub.gpg $ gpg --allow-secret-key-import --import ~/mygpgkey_sec.gpg 

Bingo Bongo, you're done!

link: https://www.debuntu.org/how-to-importexport-gpg-key-pair/

ps. My keys were originally made in bootcamp windows 7, and I exported them to my Mac Air (the same physical machine, virtually another)

None of the above answers seem to match my problem. My gpg binary ( /usr/local/bin/gpg -> /usr/local/MacGPG2/bin/gpg2 ) was installed as part of the GPG Suite , not brew.

However, I felt that the advice came down to: "use so that gpg binary is the last available on brew." So I tried:

 brew update brew upgrade git brew install gpg # the following are suggestions from brew Caveats, to make `/usr/local/bin/gpg` # point to the brew binary: rm '/usr/local/bin/gpg' brew link --overwrite gnupg2 

I checked that I correctly changed gpg to my $PATH to point to the new executable from brew:

 🍔 which gpg /usr/local/bin/gpg 🍔 ls -l /usr/local/bin/gpg lrwxr-xr-x 1 burger admin 33 Feb 13 13:22 /usr/local/bin/gpg -> ../Cellar/gnupg2/2.0.30_3/bin/gpg 

And I also explicitly told git what gpg binary to use:

 git config --global gpg.program gpg 

Well, maybe it is not completely waterproof, as it is path-sensitive. I really did not go so far that I had no doubt that git switched to calling brew gpg .

Anyway: that wasn't enough for git commit to successfully sign my commits again.

The thing that worked for me in the long run was to upgrade the GPG Suite. I was running version 2016.7 and I found that updating to 2016.10 fixed the problem for me.

I opened GPG Keychain.app and clicked on "Check for Updates ...". With the new version: signed commits worked correctly again.

installed it simply:

 brew uninstall gpg brew install gpg2 

Very similar to @birchlabs, after much searching and searching, I found that this is not GPG, but GPG Suite. I did cask reinstall gpg-suite and he solved it for me.

I'm on Ubuntu 18.04 and got the same error, also worried for several weeks. Finally I realized that gpg2 does not indicate anything. So just run

 git config --global gpg.program gpg 

And tada, it works like a charm.

Your commits will now be tagged with them.

If this happened by accident and works fine in the past, as in my case, try logging out ( cmd+shift+q ) and logging in. Worked for me

In my case, none of the solutions mentioned in the other answer worked. I found that the problem was specific to a single repository. Removing and cloning the repo solved the problem again.

I stumbled upon this error not because of configuration problems, but because my key has expired. The easiest way to extend it in OSX is to open the GPG Keychain application (if you have it installed), and it will automatically offer you to renew it. Two clicks and you're done. Hope this helps Google colleagues :)

I saw similar answers, but nothing like what worked for me. On Linux, I had to kill and restart gpg-agent with:

 $ pkill gpg-agent $ gpg-agent --daemon $ git commit ... 

It helped me. It looks like you need to configure user.signingkey to your private key, as well as what some other comments say.

Something strange, but make sure your terminal is big enough! You can determine if it is too small by running echo test | gpg --clearsign echo test | gpg --clearsign - it will give you a pretty obvious error message telling you. If it is not large enough, your GPG agent will not be able to display its small ncurses block.

This will not apply if you are using a GUI agent or something that does not use ncurses.

This started to happen all of a sudden for me on Ubuntu, not sure if some recent update did this, but none of the existing problems were applicable to me (I installed GPG_TTY , tried to kill the agent, etc.). The standalone gpg command did not complete with this error:

 $ echo "test" | gpg --clearsign -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 test gpg: signing failed: Operation cancelled gpg: [stdin]: clear-sign failed: Operation cancelled 

I tried to run gpg with the option --debug-all and noticed the output below:

 gpg: DBG: chan_3 <- INQUIRE PINENTRY_LAUNCHED 27472 gnome3 1.1.0 /dev/pts/6 screen-256color - gpg: DBG: chan_3 -> END gpg: DBG: chan_3 <- ERR 83886179 Operation cancelled <Pinentry> gpg: signing failed: Operation cancelled 

The above indicates a problem with the pinentry program. Gpg usually runs pinentry-curses for me, so I changed its pinentry-tty (I had to install aptitude first) and the error went away (although I no longer get the password in full screen, but I don't like it anyway) to make this change, I had to add the line pinentry-program /usr/bin/pinentry-tty to ~/.gnupg/gpg-agent.conf and kill the agent with gpgconf --kill gpg-agent (it will be restarted next time) .