80

I installed GPG from brew.

brew install gpg

It is gnupg2-2.0.30_2.

When I commit, I do get a error message:

You need a passphrase to unlock the secret key for
user: "Max Mustermann (mycomment) <mm@test.de>"
2048-bit RSA key, ID 1111AAAA, created 2017-01-05 

error: gpg failed to sign the data
fatal: failed to write commit object

I used the command:

gpg --list-secret-keys | grep ^sec

and it gives me back:

sec   2048R/1111AAAA 2017-01-05

Then I used this command:

git config --global user.signingkey 1111AAAA

commit gives me back the same error message.

How can I solve this problem?

sideshowbarker
  • 72,859
  • 23
  • 167
  • 174
Mondy
  • 1,705
  • 3
  • 14
  • 24
  • 1
    Also: https://stackoverflow.com/questions/39494631/gpg-failed-to-sign-the-data-fatal-failed-to-write-commit-object-git-2-10-0 (Possible duplicate) – DrBeco Nov 19 '17 at 20:00
  • And https://stackoverflow.com/questions/41052538/git-error-gpg-failed-to-sign-data (Possible duplicates) – DrBeco Nov 19 '17 at 20:09
  • Possible duplicate of [gpg failed to sign the data fatal: failed to write commit object \[Git 2.10.0\]](https://stackoverflow.com/questions/39494631/gpg-failed-to-sign-the-data-fatal-failed-to-write-commit-object-git-2-10-0) – Naman Nov 20 '17 at 16:34

7 Answers7

97

If you’re not getting prompted at all for a passphrase, the solution may just be to install a program to facilitate that. The most common is pinentry.

brew install pinentry-mac

So installing that and trying again may get things working. But if not, another thing to do is make sure git it using/finding the right GPG program. These days you really should be using gpg2, so if you don’t already have that installed, do this:

gpg --version

…and make sure it indicates you have GnuPG version 2+ (not version 1) installed.

If you already have GnuPG 2+ and pinentry installed, then try this:

echo "pinentry-program /usr/local/bin/pinentry-mac" >> ~/.gnupg/gpg-agent.conf

…or, more robustly:

echo "pinentry-program $(which pinentry-mac)" >> ~/.gnupg/gpg-agent.conf

…and then try again.

And you may also need to stop gpg-agent:

gpgconf --kill gpg-agent

You don’t need to manually restart it — it will get restarted automatically when it’s needed.

Note: Some commenters mention needing to reboot after making changes — but it seems likely the only effect of that is to cause gpg-agent to be restarted. So manually killing gpg-agent as described above should be sufficient.

sideshowbarker
  • 72,859
  • 23
  • 167
  • 174
  • 5
    Installing `pinentry-mac` solved my issue. Thank you! – Amazing Rando Jan 30 '17 at 02:07
  • I am having the same issue, despite performing all of these steps. – Euan Millar Jun 03 '17 at 01:52
  • 6
    I followed the above steps but needed a reboot before this worked – Sjuul Janssen Dec 22 '17 at 14:23
  • MacOS Mojave is the root of all evil. After I upgraded to Majave all my homebrew apps stopped working including gnupg. I recomplied them all and it started working. – hamidfzm Oct 04 '18 at 15:00
  • 34
    For me restarting the gpg-agent worked so I didn't need to restart: `gpgconf --kill gpg-agent` – phikes Nov 23 '18 at 12:59
  • 20
    I had to kill `gpg-agent` and start it again using `gpg-agent --daemon` – Mohammad Banisaeid Jan 10 '19 at 15:20
  • 1
    I got the error `gpg: Sorry, no terminal at all requested - can't get input` when try to use `gpg --full-generate-key`. If you get this error just remove the line `no-tty` from `~/.gnupg/gpg.conf` or `~/.gnupg/options` – adrxlm Feb 04 '20 at 14:12
  • I had to restart gpg-agent like @MohammadBanisaeid said – GabrielBB Mar 17 '20 at 16:51
  • in my case, `git config --global gpg.program gnupg` works even though I install it via homebrew this ways: `brew install gnupg2` – mochadwi Feb 10 '21 at 14:52
  • I just ran a brew upgrade, which of course updated only these things: `openssl`, `pinentry`, `libgcrypt`, `gnupg` (the perfect isolated chaos to break things). It seems after the update I just needed to restart the gpg agent with: `gpgconf --kill gpg-agent` and then when I went to try and commit again things were fixed – CTS_AE Sep 13 '21 at 18:30
  • 1
    Latest homebrew on M1 changes the bin dir, use this: `echo "pinentry-program $(which pinentry-mac)" >> ~/.gnupg/gpg-agent.conf` – jqr Nov 11 '21 at 14:15
  • In my M1, `brew install gpg` already gives GnuPG 2. – emyller Mar 14 '22 at 13:08
75

To anybody who is facing this issue on MacOS machines, try this:

  1. brew uninstall gpg
  2. brew install gpg2
  3. brew install pinentry-mac (if needed)
  4. gpg --full-generate-key Create a key by using an algorithm.
  5. Get generated key by executing: gpg --list-keys
  6. Set the key here git config --global user.signingkey <Key from your list>
  7. git config --global gpg.program /usr/local/bin/gpg
  8. git config --global commit.gpgsign true
  9. If you want to export your Key to GitHub then: gpg --armor --export <key> and add this key to GitHub at GPG keys: https://github.com/settings/keys (with START and END line included)

If the issue still exists:

test -r ~/.bash_profile && echo 'export GPG_TTY=$(tty)' >> ~/.bash_profile

echo 'export GPG_TTY=$(tty)' >> ~/.profile

If the issue still exists:

Install https://gpgtools.org and sign the key that you used by pressing Sign from the menu bar: Key->Sign

If the issue still exists:

Go to: ‎⁨your global .gitconfig file which in my case is at: ‎⁨/Users/gent/.gitconfig And modify the .gitconfig file (please make sure Email and Name are the same with the one that you have created while generating the Key):

[user]
 email = gent@youremail.com
 name = Gent
 signingkey = <YOURKEY>
[gpg]
 program = /usr/local/bin/gpg
[commit]
 gpsign = true
 gpgsign = true
[filter "lfs"]
 process = git-lfs filter-process
 required = true
 clean = git-lfs clean -- %f
 smudge = git-lfs smudge -- %f
[credential]
 helper = osxkeychain

p.s I took this answer from my previous answer here: gpg failed to sign the data fatal: failed to write commit object [Git 2.10.0]

Gent
  • 5,805
  • 1
  • 35
  • 40
5

I had the same error message and found that my key was expired. So it might be a good idea to check your key expiration with:

gpg --list-keys

If your key is expired as well you can adjust the expiration date with:

gpg --edit-key <YOUR_KEY>

and then:

gpg> expire
...enter the new expiration date...
gpg> save
A5308Y
  • 389
  • 5
  • 13
1

I ran brew upgrade on macOS and it broke my gpg signing in git, presumably when it updated the gpg package. I assume there's an easier way to force the gpg service to restart correctly (I assume something that was actively running broke when I upgraded the package), but my fix for this was pretty simple: Just restart your computer.

Connor Shea
  • 749
  • 7
  • 21
0

Install GPGSuite instead , it has GUI for generating the key.

You can see more details here

Adham Saad
  • 79
  • 2
0

If you are still getting problems in macOS, open ~/.gitconfig and change anything below [gpg] to program = /usr/local/bin/gpg

BaharaJr
  • 35
  • 2
  • 5
0

In my case the user.signingkey was setting wrong....Copy the right signingkey the problem solved

enter image description here

tangkunyin
  • 1,323
  • 1
  • 8
  • 8