Signing Git Commits Using PowerShell

Configure Git to sign commits with a GPG key so every commit carries a verified cryptographic signature.

Guide written for Windows 11 Pro.

If you have not set up GPG keys yet, refer to Setting up GPG Keys with PowerShell (coming soon).

Configure Git Global Variables

  1. List your GPG keys:
    gpg --list-secret-keys --keyid-format LONG

    The key ID is the part after / on the line starting with sec.
  2. Configure Git to use your GPG key:
    git config --global user.signingkey YOUR_KEY_ID
  3. Optional — sign all commits by default:
    git config --global commit.gpgsign true
  4. Print your public GPG key:
    gpg --armor --export YOUR_EMAIL_ADDRESS

Add Your GPG Key to GitLab

  1. Sign in to GitLab.
  2. Go to your user settings, then to the GPG Keys section.
  3. Paste your public GPG key into the text area and click Add key.

Verify

Commit with -S to sign the commit explicitly, then push the changes to your repository:

git commit -S -m "Your commit message"

Common Errors

1. No Secret Key

gpg: skipped "A6D52EAF2B1C52E5": No secret key
gpg: signing failed: No secret key
error: gpg failed to sign the data
fatal: failed to write commit object

Git for Windows ships with a minimal version of GnuPG that uses ~/.gnupg/ (C:\Users\YourUsername\.gnupg\) for configuration and key storage. Gpg4win, on the other hand, uses %APPDATA%\gnupg. If you have both installed, Git may be looking in the wrong place.

  1. Check your Git global configuration:
    git config --global --list

    Look for a gpg.program entry. If it is missing, as in the output below, Git will use its bundled minimal GnuPG install.

    user.name=Your Name
    user.email=ell@myemail.com
    user.signingkey=12334asd3
    commit.gpgsign=true
  2. Set the GPG program in your Git configuration:
    git config --global gpg.program "C:/Program Files (x86)/GnuPG/bin/gpg.exe"

    Your path may differ. Confirm the correct path before running this command.

  3. Confirm the change:
    git config --global --list

    user.name=Your Name
    user.email=you@youremail.com
    user.signingkey=12334asd3
    commit.gpgsign=true
    gpg.program=C:/Program Files (x86)/GnuPG/bin/gpg.exe

2. Bad Data Signature

gpg: bad data signature from key PROBLEMID: Wrong key usage (0x19, 0x2)

  1. List the key ID Git is configured to use:
    git config --global user.signingkey
  2. Check for the matching key:
    gpg --list-secret-keys --keyid-format LONG

Ensure the key ID returned in step 1 matches a key in your keyring.
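
A diagnostic for the two errors above, added here as an example and not part of the original guide: it checks each gpg.exe Git might call and reports which keyring holds the configured signing key. The three candidate locations and the Git for Windows install layout are assumptions.

```powershell
# Added example (not from the original guide): find which gpg.exe can see the
# secret key that Git is configured to sign with.
$keyId   = git config --global --get user.signingkey
$gpgProg = git config --global --get gpg.program    # empty when unset
if (-not $keyId) { Write-Warning 'user.signingkey is not set.'; return }

# Assumption: default Git for Windows layout, <root>\cmd\git.exe and
# <root>\usr\bin\gpg.exe. Candidates that do not exist are skipped.
$gitRoot = Split-Path (Split-Path (Get-Command git).Source)
$candidates = [ordered]@{
    'gpg.program (Git config)' = $gpgProg
    'Git for Windows bundled'  = Join-Path $gitRoot 'usr\bin\gpg.exe'
    'gpg on PowerShell PATH'   = (Get-Command gpg -ErrorAction SilentlyContinue).Source
}

$report = foreach ($name in $candidates.Keys) {
    $path = $candidates[$name]
    if (-not $path -or -not (Test-Path $path)) { continue }
    # The "Home:" line of --version names the keyring directory this binary reads.
    $gpgHome = (& $path --version) -match '^Home:' -replace '^Home:\s*', ''
    # gpg exits non-zero when the requested secret key is not in its keyring.
    & $path --list-secret-keys --keyid-format LONG $keyId *> $null
    [pscustomobject]@{
        Source       = $name
        Path         = $path
        KeyringHome  = "$gpgHome"
        HasSecretKey = ($LASTEXITCODE -eq 0)
    }
}
$report | Format-List

# Per the guide: with no gpg.program entry, Git falls back to its bundled GnuPG.
$used = if ($gpgProg) { 'gpg.program (Git config)' } else { 'Git for Windows bundled' }
if ($report | Where-Object { $_.Source -eq $used -and $_.HasSecretKey }) {
    "OK: the gpg Git uses ($used) has secret key $keyId"
} else {
    Write-Warning "The gpg Git uses ($used) has no secret key $keyId"
    $report | Where-Object HasSecretKey |
        ForEach-Object { "Key found by: $($_.Path) (candidate for gpg.program)" }
}
```

If the key is found only by a binary Git is not using, that binary's path is the value to set for gpg.program as in step 2 of the No Secret Key fix.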

3. No Agent Running

gpg: can't connect to the gpg-agent: IPC connect call failed
gpg: keydb_search failed: No agent running
gpg: skipped "<signing-key>": No agent running
gpg: signing failed: No agent running
error: gpg failed to sign the data
fatal: failed to write commit object

  1. Start the agent:
    gpgconf --launch gpg-agent
  2. Set the agent to auto-start on login via Task Scheduler:
    1. Search for Task Scheduler in the Windows Start menu.
    2. Click Create Basic Task and name it Gpg Agent Startup.
    3. Set the Trigger to When I log on.
    4. Set the Action to Start a program and enter:
      gpgconf --launch gpg-agent
    5. Confirm the prompt and click Finish.