Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Signing commit with OpenPGP subkey fails

Tags:

git

gnupg

I would like to use one of my GPS (2) subkeys for signing commits/tags in Git I.e., my freshly created RSA4096 signing-only key with the long ID B0##...

sec#  ed25519/9F############## 2016-01-07 [expires: 2023-01-05]
  Key fingerprint = FC08 HEX HEX HEX 
uid                 [ultimate] MY NAME <MY.NAME@foo bar>
ssb   rsa4096/C9############## 2016-01-07 [expires: 2022-01-05]
ssb   ed25519/C6############## 2016-01-07 [expires: 2022-01-05]
ssb   rsa4096/B0############## 2016-01-13 [expires: 2022-01-11]

Where I am working on a keyring with the master key removed (backuped away) as 'better key policy'

So, I tried to set up the signing key for Git

[user]
    ...
    signingkey = B0##############

However, committing & signing fails with

> git commit -S  -m "test commit"
gpg: skipped "B0##############": secret key not available
gpg: signing failed: secret key not available
error: gpg failed to sign the data
fatal: failed to write commit object

Where a gpg-agent up and running.

My first guess was, that Git does not understand the long key notation and tried the short one instead

> gpg2 --list-secret-keys  --keyid-format short
...
ssb   rsa4096/DB###### 2016-01-13 [expires: 2022-01-11]

> ~/.gitconfig
[user]
   ...
   signingkey = DB######

But which also failed

> git commit -S  -m "test commit short"
gpg: skipped "DB######": secret key not available
gpg: signing failed: secret key not available
error: gpg failed to sign the data
fatal: failed to write commit object

So, I wonder what breaks here and if maybe Git only would work with a master key for signing but does not understand the use of subkeys (or if I have screwed up myself somewhere)?

like image 376
THX Avatar asked Jan 13 '16 11:01

THX

1 Answers

Git uses gpg by default, which is GnuPG 1 on most systems and does not support elliptic curve cryptography. As your primary key is an elliptic curve key, GnuPG 1 cannot use the key at all. You will be able to observe the same when trying to use the key with GnuPG (gpg --default-key key-id --sign).

Configure Git to use gpg2 instead, which is required to be at least GnuPG 2.1 (which you have, as you can use the elliptic curves key):

git config --global gpg.program gpg2
like image 85
Jens Erat Avatar answered Dec 25 '22 03:12

Jens Erat
Sign in to Comment

Related questions

TeamCity to GitHub Connection Error: session is down
setting up TeamCity to pull multiple git repos with named locations
Two-step git import over ssh
git p4 submit: patch does not apply
GitLab: Can't push code to server?
How to tell what files on remote repository changed since last git pull?
TeamCity getting stuck at "Updating sources" on one Git repo
Can I set an alias in git for "pull --rebase"?
error: git was not found - installing laravel with composer windows
Git move single commit from feature_branch to master
How to reference public bitbucket repo as npm module in package.json on heroku?
Count total lines written by a specific user throughout all its projects in Github
Can I disable git pull?
Replying on the same thread in a mailing list using git send-email
How to Reorder Commits (rebase) with TortoiseGit
Print symbolic name for HEAD
How to update the repo version
Netbeans and Git, .obj files ignored
Git for Windows, run git bash without mintty?
"git unable to read current working directory no error" - posh git (windows 10)

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!