1

My commits are currently coming in as "Unverified" but they should be set to "Verified".

I've followed the this guide to create my GPG key and when I do gpg --list-secret-keys --keyid-format LONG I get the following:

sec   rsa4096/SOME_KEY 2019-10-24 [SC]
      SOME_OTHER_LONGER_KEY
uid                 [ultimate] Ryan Wood <myemail@address.com>
ssb   rsa4096/SOME_OTHER_KEY 2019-10-24 [E]

I did gpg --armor --export SOME_KEY to produce the public key and put it on GitHub as per the instructions here. Furthermore, I set git config --global commit.gpgsign true as per this guide and was prompted for my passphrase on my last commit, which I entered correctly. I also verified that the email I provided to GPG and the email I have listed on GitHub are the same. Finally, I set my signing key in git according to the answer provided in this question by doing git config --global user.signingkey SOME_KEY. However, my commit is unverified.

Is there anything else I need to do here or does the process require a certain amount of time before the commits show as verified?

Woody1193
  • 4,413
  • 1
  • 28
  • 58
  • 1
    What is the email id set for your user in git's global config and repo config? Are they the same as the email you have used for the GPG key? – TheGeorgeous Oct 24 '19 at 07:42
  • I'm not sure how to access the repo config but the global config matches the value I assigned to the key, `myemail@address.com` – Woody1193 Oct 28 '19 at 06:11

2 Answers2

5

I had the same issue. Just take a look to your global config settings git config --list.

And put the correct email - git config --global user.email <email>.

Ilya Sergeev
  • 51
  • 1
  • 2
  • Mismatch between gpg key email address and my git email address was my problem. – Gunar Gessner Feb 18 '21 at 12:45
  • Here I was assuming that git would use the email for signing that it uses for storing in the commit author details, but it appears that's not the case. I had to update by global email preference as you described. – Raven Mar 02 '21 at 15:07
4

I had a similar issue because I had mistakenly installed and configured smimesign, although it was not part of the guide for GPG keys.

My solution to this was as follows:

brew uninstall smimesign
git config --global --unset gpg.format
git config --global --unset gpg.x509.program
git config --global user.signingkey [KEY HASH]

where the [KEY HASH] was listed by gpg:

$ gpg --list-secret-keys --keyid-format LONG
/Users/stig/.gnupg/pubring.kbx
------------------------------
sec   rsa4096/...
      [KEY HASH]
uid                 [ultimate] Stig (comment) <stig@example.com>
ssb   rsa4096/...

On the next commit, the Verified sign was shown immediately.

Stig Johan B.
  • 191
  • 5