Git GPG error signing tags


OK, I'm a bit of a rookie when it comes to Git. So I decided to read Pro Git by Scott Chacon. BTW great book, highly recommend it.

Anyway got to the section about Signed Tags. To sign a tag with GPG you must have a private key set up which I do. However, when I ran:

git tag -s v1.6 -m "my signed 1.6 tag"

I got the following:

C:\Users\Name\Desktop\git>git tag -s v1.6 -m "my signed 1.6 tag"
gpg: error loading `iconv.dll': The specified module could not be found.

gpg: please see http://www.gnupg.org/download/iconv.html for more information
gpg: skipped "Name <name@gmail.com>": secret key not available
gpg: signing failed: secret key not available
error: gpg failed to sign the data
error: unable to sign the tag

So, I did what the error message told me to do and went to the link and followed the instructions. I copied iconv.dll to the folder that contained gpg.exe (\Git\bin). Ran the command again and got:

C:\Users\Name\Desktop\git>git tag -s v1.6 -m "my signed 1.6 tag"
gpg: skipped "Name <name@gmail.com>": secret key not available
gpg: signing failed: secret key not available
error: gpg failed to sign the data
error: unable to sign the tag

EDIT:

When I try and list my secret keys I get this error???

Name@NAME-PC ~
$ gpg --list-secret-keys
gpg: keyblock resource `c:/Users/Name/.gnupg\secring.gpg': file open error
gpg: keyblock resource `c:/Users/Name/.gnupg\pubring.gpg': file open error
gpg: fatal: c:/Users/Name/.gnupg: directory does not exist!
secmem usage: 0/0 bytes in 0/0 blocks of pool 0/32768

Solution

  • You could initialize your gnupg environment (secret key) with a gpg GUI like gpg4win, following this tutorial, or (more up-to-date) the official gpg4win documentation "Gpg4win for Novices".

    Note that this blog post adds the following caveat:

    I installed Gpg4win, which installs a nice GUI for managing keys and the GPG command line interface.
    My ignorance of the process was clear as I repeatedly attempted to use the GUI (GNU Privacy Assistant – Key Manager) to create my key. That GUI appears to create valid keys, but wherever it stores the related key part files is not where the GPG command line expects to find them.

    (Note: probably in C:\Users\Name\AppData\Roaming\gnupg, with a directory named gnupg and not .gnupg)

    Instead, be sure to use the command line client. Start with:

    gpg --gen-key
    

    If key creation fails, you might manually need to create the directory c:\users\<USER>\.gnupg, which GPG will apparently not do on its own.

    cd C:\Users\Name 
    mkdir .gnupg
    xcopy C:\Users\Name\AppData\Roaming\gnupg .gnupg
    

    The errors that I was seeing along the way were

    gpg: no writable public keyring found
    

    and:

    signing failed: secret key not available
    

    Note: once your gnupg is in place, if you still have the error message, do add the (gnupg) key-id you want to use when signing your tag:

    git tag -u 'key-id' -s -m "some comment" some-tag 
    

    As noted by roguib in the comments, you will need, if you want to see that tag on the remote side:

    • git push --tags
    • or, since Git 2.4.1 and git config --global push.followTags true, a simple git push is enough.
    • and, still with Git 2.4.x, you can add git push --atomic, to make sure everything was indeed pushed (or nothing will).
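
The `gpg: skipped "Name <name@gmail.com>"` line above shows the identity Git handed to gpg, so a useful check is whether the keyring gpg actually reads contains a secret key with that user ID. The following is an added example, not part of the original question or answer: the function names and the sample listing are constructed, and the case-insensitive substring comparison only approximates gpg's own user-ID matching.

```shell
#!/bin/sh
# Added example (not from the original post).
# find_signing_key IDENT
#   stdin : output of `gpg --list-secret-keys --with-colons`
#   stdout: key ID of the first secret key whose user ID contains IDENT
#   status: 0 if such a key exists, 1 otherwise (the "secret key not
#           available" situation from the question)
find_signing_key() {
    WANT="$1" awk -F: '
        BEGIN { want = tolower(ENVIRON["WANT"]) }
        $1 == "sec" { keyid = $5 }          # a new secret key starts here
        # GnuPG 1.4 puts the primary user ID on the sec record itself,
        # newer versions emit it on separate uid records; check both.
        ($1 == "sec" || $1 == "uid") && $10 != "" {
            if (index(tolower($10), want)) { print keyid; found = 1; exit }
        }
        END { exit found ? 0 : 1 }
    '
}

# Constructed sample listing (fake key IDs): one key in the 1.4 layout and
# one in the 2.x layout.
sample_listing() {
    cat <<'EOF'
sec:u:2048:1:1111222233334444:1400000000::::Other Person <other@example.com>:::scESC:
ssb:u:2048:1:5555666677778888:1400000000:::::::e:
sec:u:4096:1:AAAABBBBCCCCDDDD:1500000000:::u:::scESC:
uid:u::::1500000000::0000000000000000000000000000000000000000::Name <name@gmail.com>:
ssb:u:4096:1:9999000011112222:1500000000::::::e:
EOF
}

# Demo on the constructed data; prints the matching key ID.
sample_listing | find_signing_key 'Name <name@gmail.com>'

# Against a real keyring, from the same shell in which `git tag -s` is run
# (assumes the identity comes from git config rather than environment variables):
#   gpg --list-secret-keys --with-colons |
#       find_signing_key "$(git config user.name) <$(git config user.email)>"
```

If the function returns 1 in Git Bash while the key is visible in the Gpg4win GUI, the two tools are reading different home directories, which is the situation the answer describes; the printed key ID is the value to pass to `git tag -u`.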