How to Fix GPG Signing Failed Error
In this tutorial, you'll learn about How to Fix GPG Signing Failed Error. We cover key concepts, practical examples, and best practices.
The Problem
You run git commit -S and get error: gpg failed to sign the data or gpg: signing failed: No secret key. GPG cannot find your private key, the GPG agent is not running, or the passphrase prompt cannot be shown in your terminal environment. This is especially common in headless environments like CI, VS Code integrated terminal, or tmux sessions.
Quick Fix
1. Check if a GPG key exists
gpg --list-secret-keys --keyid-format=long
Expected output:
sec rsa4096/ABC123DEF4567890 2024-01-01
uid [ultimate] Your Name <you@example.com>
If no key is listed, generate one:
gpg --full-generate-key
2. Tell Git which key to use
git config --global user.signingkey ABC123DEF4567890
The key ID is after rsa4096/ in the listing.
3. Set GPG_TTY for passphrase prompts
export GPG_TTY=$(tty)
Add to ~/.bashrc or ~/.zshrc:
echo 'export GPG_TTY=$(tty)' >> ~/.bashrc
source ~/.bashrc
4. Restart the GPG agent
gpgconf --kill gpg-agent
gpg-agent --daemon
5. Test that GPG works
echo "test" | gpg --clearsign
If this works, GPG is functional. If it hangs or fails, restart the agent.
6. Use pinentry for headless environments
# Install pinentry-tty
sudo apt-get install pinentry-tty
# Configure GPG
echo "pinentry-program /usr/bin/pinentry-tty" >> ~/.gnupg/gpg-agent.conf
gpgconf --kill gpg-agent
7. Cache the passphrase
echo 'default-cache-ttl 3600' >> ~/.gnupg/gpg-agent.conf
gpgconf --kill gpg-agent
8. Test commit signing
git commit --allow-empty -S -m "Test signing"
git log --show-signature -1
Expected output includes: Good "git" signature for you@example.com
9. Use SSH signing as an alternative
git config --global gpg.format ssh
git config --global user.signingkey ~/.ssh/id_ed25519.pub
Common Causes
| Cause | Error | Fix |
|---|---|---|
| No GPG key | gpg: signing failed: No secret key |
gpg --full-generate-key |
| GPG_TTY unset in terminal | gpg: cannot open tty: No such device |
export GPG_TTY=$(tty) |
| GPG agent not running | gpg: failed to sign the data |
gpgconf --kill gpg-agent && gpg-agent --daemon |
| Wrong key in Git config | gpg: signing failed: secret key not available |
git config user.signingkey KEY_ID |
| Terminal pinentry missing | No way to enter passphrase | apt-get install pinentry-tty |
| Email mismatch | Commit email differs from key uid | Use same email in git config user.email as in GPG key |
Prevention
- Add
export GPG_TTY=$(tty)to your shell profile on every machine - Use SSH commit signing (simpler than GPG for most developers)
- Cache your passphrase:
echo 'default-cache-ttl 3600' >> ~/.gnupg/gpg-agent.conf
Built by the developers of DodaTech
Doda Browser, DodaZIP & Durga Antivirus Pro