I followed instructions here: https://docs.github.com/en/authentication/managing-commit-signature-verification/generating-a-new-gpg-key

I did not include a comment. Only my name and email which match my github account.

Then, I set my git config to the following:

[user]
    name = First Last
    email = [email protected]
    signingkey = ABCDMYKEY12345
[commit]
    gpgsign = true
[gpg]
    program = C:\\Program Files (x86)\\GnuPG\\bin\\gpg.exe

gpg --version returns

$ gpg --version
gpg (GnuPG) 2.2.29-unknown
libgcrypt 1.9.3-unknown

I've run GIT_TRACE=1 and returned

$ GIT_TRACE=1 git commit --allow-empty -m "signing"
09:30:10.094197 exec-cmd.c:237          trace: resolved executable dir: C:/Program Files/Git/mingw64/bin
09:30:10.102197 git.c:455               trace: built-in: git commit --allow-empty -m signing
09:30:10.126235 run-command.c:666       trace: run_command: 'C:\Program Files (x86)\GnuPG\bin\gpg.exe' -bsau ABCDMYKEY12345
gpg: skipped "ABCDMYKEY12345": No secret key
gpg: signing failed: No secret key
error: gpg failed to sign the data
fatal: failed to write commit object

I've triple-checked for typos. This does not seem like a duplicate of gpg: skipped "XXBDXX4E": secret key not available. gpg: signing failed: secret key not available

because my gpg program is correctly set

I've seen this question Git doesn't see gpg key as secret, even though it is, how do I fix it?

But I don't understand the gpg2 thing. My gpg version is 2. Why do I need another gpg2 program. Besides, where do I get gpg2 from? Is it supposed to come with Git?

CodePudding user response：

I changed my gpg.program in git config to point at Git's gpg, which on my computer was located at C:/Program Files/Git/usr/bin/gpg.exe