How to Fix “Error: Gpg Failed to Sign the Data” Error in Git

by
PinLinkedIn

You’re cruising through your Git workflow. Commit here, push there, life is good. Then—bam!—you get hit with this error:

error: gpg failed to sign the data
fatal: failed to write commit object

What just happened? Don’t worry. This error might seem scary, like a dragon in your Git quest, but it’s actually easy to tame. Let’s break it down and solve it together.

🌟 What Does This Error Mean?

Git lets you sign your commits with GPG (GNU Privacy Guard). That signature says, “I really wrote this code!” It’s great for open-source projects where identity matters.

This error means Git tried to sign your commit but couldn’t.

Usually, this happens because:

  • GPG isn’t installed or set up properly
  • Your key isn’t available to Git
  • Your GPG agent isn’t running or can’t access your key
  • Your terminal can’t prompt you for the passphrase

No worries. We’ll fix it in a few steps.

🛠️ Step-by-Step Fix Guide

1. Is GPG Even Installed?

Let’s start at the beginning. Check if GPG is on your system. Run:

gpg --version

If it returns the version info, you’re good. If not, you need to install it.

On macOS:

brew install gnupg

On Ubuntu/Debian:

sudo apt update
sudo apt install gnupg

On Windows:

Use GPG4Win. Install and restart your terminal after.

2. Do You Have a GPG Key?

Check if you have any keys:

gpg --list-secret-keys --keyid-format LONG

If nothing shows up, you need to create one.

gpg --full-generate-key

Choose these options if prompted:

  • Key type: RSA and RSA
  • Key size: 4096 bits
  • Expiry: Your choice (or none)
  • Name and email: Use same email as your Git commits

Once done, run this again to get your key:

gpg --list-secret-keys --keyid-format LONG

Look for a line that starts with:

sec   rsa4096/XXXXXXXXXXXXXXXX

The part after the slash is your GPG key ID. Save it. You’ll need it next.

3. Tell Git About Your Key

Now link your Git config with your GPG key:

git config --global user.signingkey YOURKEYID

For example:

git config --global user.signingkey ABCD1234EFGH5678

4. Enable Commit Signing (Optional)

You can tell Git to always sign your commits:

git config --global commit.gpgsign true

5. Use the Right GPG Program

Sometimes Git can’t find where GPG is installed. Let’s make sure Git uses the correct program.

Find GPG’s path:

which gpg

Output may be like:

/usr/local/bin/gpg

Then run:

git config --global gpg.program /usr/local/bin/gpg

Easy fix, right?

6. What About GPG Agents?

This is a sneaky one. GPG uses an agent in the background to remember your passphrase. But sometimes it just… doesn’t show up.

Try restarting the agent:

gpgconf --kill gpg-agent
gpgconf --launch gpg-agent

If you’re on the command line and not seeing a passphrase prompt, try setting this:

export GPG_TTY=$(tty)

You can add it to your shell config file (.bashrc, .zshrc, etc.):

echo "export GPG_TTY=\$(tty)" >> ~/.bashrc

Then restart your terminal or run:

source ~/.bashrc

📦 Still Stuck?

Here are some more weird things that could be the problem and how to fix them:

1. Your GPG Key Isn’t in Your GitHub or GitLab Profile

If you’re pushing to GitHub and want it to show “Verified” on your commits:

  1. Run this command to copy your public key:
gpg --armor --export YOURKEYID

Copy the whole block that starts with —–BEGIN PGP PUBLIC KEY BLOCK—–

  1. Go to GitHub > Settings > SSH and GPG Keys
  2. Add New GPG Key and paste it in

Done!

2. Your Commit Email Doesn’t Match

This matters for two reasons:

  • Git uses the email in your commits
  • Your GPG key is tied to an email

Make sure they match! Check your Git email:

git config --global user.email

If needed, change it:

git config --global user.email "you@example.com"

🧙 Bonus: Using GPG with GUI Apps

GUI apps, like VS Code, may not use your configured terminal. That means they might not read your shell configs.

Make sure they have access to your GPG environment. Starting them from the terminal helps!

code .

This way, they’ll inherit your terminal environment, including GPG_TTY.

🔥 What If You Just Want to Disable Signing?

Tired of it? Just want Git to stop asking for your GPG key?

You can turn commit signing off with:

git config --global commit.gpgsign false

Or, if it’s only for one commit:

git commit --no-gpg-sign -m "your message"

Your call. It’s your Git, after all.

🎉 Wrap-Up

The “GPG failed to sign the data” error usually means Git and GPG aren’t playing nice. But with a few quick checks, you can get them back in sync.

Here’s a quick recap:

  • Install GPG
  • Create or find your GPG key
  • Configure Git to use your key
  • Fix any terminal or agent issues
  • Add your public key to GitHub or GitLab (if you want verified commits)

Now your commits are safe, signed, and stylish. 🎩

Happy coding!

PinLinkedIn