I am a student and I am going to write my thesis about vulnerabities in Git. For this I am using GitLab (self hosted (version 15.5) on a virtual machine (Ubuntu)) to simulate. I was trying to sign my commit with GPG but it failed.
Here’s what I already did already:
- GPG key successfully created
- I checked it with gpg --list-secret-keys --keyid-format LONG #Mailadress#
- I added the public part to GitLab (Profile / Preferences / GPG Keys)
- I added the key with git config --global user.signingkey #Key#
- commit.gpgsign is set on true (checked in the configfile)
- due to my initial mailadress wasnt verified I added my actual one, which I also set in gpg presettings in the admin panel to my account due to I do not get a confirmation mail, when I do it in the account itself
- the GPG key is listed as “verified” now after this operation
And ye, I still get the following error, when I try to sign a commit with git commit -S […]
“error: gpg failed to sign the data
fatal: failed to write commit object”
Does someone has a solution or idea for this problem?