(Solved) GPG-signed commits consistently unverified

Hello. I’m using a GPG key to verify my commits and for the life of me I can’t figure out why it won’t work. Unlike other issues reported before, the key’s email is my primary one, and I’m not using the subkey.

Here is the output of gpg --keyid-format LONG -k unnecessary@obfuscation.com

pub   rsa4096/006D6DDB6034C77C 2018-06-02 [SC]
      CBEEE26B4C99AE9400755516006D6DDB6034C77C
uid                 [ultimate] Ian Huang (imyxh) <unnecessary@obfuscation.com>
sub   rsa4096/F1A4BA9EA9EFE976 2018-06-02 [E]

I’ve set everything up according to the instructions. The “emails” page of my user settings lists:

  • unnecessary@obfuscation.com [Verified] [Primary email] [Notification email]
  • imyxhuang@gmail.com [Verified] [Public email]

As for the GPG page, it says:

Your GPG keys (1)

  • unnecessary@obfuscation.com [Verified] CBEEE26B4C99AE9400755516006D6DDB6034C77C
    • Subkeys:
      40F2C667A5513B98D7B04201F1A4BA9EA9EFE976

However, every time I sign a commit it’s still tagged as “Unverified” with the GPG signature of 006D6DDB6034C77C—which seems to be the same one I put into my GPG settings, with the same email.

Is there more info I could provide? Am I doing something wrong?

Perhaps it’s because the email I use to sign is not my public email? It’s still my primary one, though—I made it so after reading about issue 36959 (which should even be fixed, now).

1 Like

Aha, never mind. Apparently your git config user.email has to be set to your signing email as well.

1 Like

@gitlab_developers

Why would I want to have my email in each of my commits?

signing my commits with my GPG key is all I should need.
If I have added that key into my account and I sign my commits with the provate key. then the commit is verified.

less and less I want to expose emails in every commit

I could not figure out how to fix this until I got to this post, needed to add the email to the git config to get the commits verified correctly.