Skip to main content


Eclipse Community Forums

      Home
Home » Eclipse Projects » EGit / JGit » EGit cannot find the signing key
EGit cannot find the signing key [message #1843013] Sat, 10 July 2021 20:24 Go to next message
Eclipse UserFriend
I'm trying to create a signed commit through EGit, but I get the following error:
Quote:
Unable to find a GPG key for signing with key ID 'email@address.stripped'. Configure the GPG key with committer email address, set git config user.signingKey, or disable commit signing.

A similar error is also thrown if I set the key ID through user.signingKey (which I had been doing before updating to 2021-06, and it worked just fine).
Committing with git through a shell doesn't result in any errors and signs the commit just fine. Likewise, the key is listed in gpg --list-secret-keys with the email matching.
P.S.: I tried to solve this by setting 'For signing commits and tags use:' in 'Committing' section to 'External GPG' and providing it with my GPG 2.2.27 installation, but it resulted in a different error (but an error nevertheless): https://paste.debian.net/hidden/2dc77a8f/
Is there a way to downgrade EGit, or is there a workaround for this (other than using git through a shell)?
System: Debian 11/Bullseye
Eclipse: 4.20/2021-06
EGit: 5.12.0.202106070339-r
Best regards
Marko Zajc
Re: EGit cannot find the signing key [message #1843031 is a reply to message #1843013] Mon, 12 July 2021 10:44 Go to previous messageGo to next message
Eclipse UserFriend
After taking a step back and looking at the whole picture, I figured that the issue was not with a new version of EGit, but all versions of EGit (could also be a BouncyCastle thing for all I know):
the issue was a CA certificate that I've recently imported into my GPG pubring. I am not sure why it doesn't like the aforementioned certificates in particular as both GPG and git have no issues with them whatsoever, but removing them fixed both the BouncyCastle GPG and (somehow) the External GPG issues.
I'm willing to send the certificate in question to anyone willing to investigate further.
Re: EGit cannot find the signing key [message #1843036 is a reply to message #1843031] Mon, 12 July 2021 13:54 Go to previous messageGo to next message
Eclipse UserFriend
Yeah, this sounds like a BouncyCastle problem. BC cannot verify that signature. Also the "External GPG" setting uses BC to verify that we got back something valid. Most unfortunate if BC cannot parse valid GPG signatures because it cannot read that certificate.

We plan to include BC 1.69 in the next release; currently Eclipse has only BC 1.65. The Bouncy Castle release notes mention several PGP-related bug fixes.

In any case it's a problem we can't fix in EGit. This must be fixed in BC.
Re: EGit cannot find the signing key [message #1843202 is a reply to message #1843036] Tue, 20 July 2021 02:39 Go to previous messageGo to next message
Eclipse UserFriend
EGit nightly is now using BouncyCastle 1.69. Could you try with that version, please? (Update site: https://download.eclipse.org/egit/updates-nightly .) If the problem persists, BouncyCastle still has something to fix. In that case it'd be great if you could open a bug at https://github.com/bcgit/bc-java/issues .
Re: EGit cannot find the signing key [message #1843214 is a reply to message #1843202] Tue, 20 July 2021 08:17 Go to previous messageGo to next message
Eclipse UserFriend
I've installed it, and the same problem persists for both 'External GPG' and 'BouncyCastle GPG' options. Although I probably don't know enough technical information about EGit's internals to be able to open an issue in BouncyCastle's repository.
Here's the certificate chain that causes me trouble: http://www.sigen-ca.si/crt/sigen-ca-g2-certs.p7c. I've been importing it via Kleopatra 3.1.11 (20.08.3) if that's relevant.

[Updated on: Tue, 20 July 2021 08:17] by Moderator

Re: EGit cannot find the signing key [message #1843265 is a reply to message #1843214] Wed, 21 July 2021 15:49 Go to previous message
Eclipse UserFriend
Does your JVM also know about the SI-TRUST root certificate? I don't see in my JVM's cacerts. It's available at https://www.si-trust.gov.si/en/support/root-issuer-si-trust-root/ in PEM format, which is easy to include using keytool.
Previous Topic:EGit 5.13 clone TFS repository with SSH fail
Next Topic:Export/import of commits and diff between repositories in binary form
Goto Forum:
  


Current Time: Tue May 20 22:36:57 EDT 2025

Powered by FUDForum. Page generated in 0.04891 seconds
.:: Contact :: Home ::.

Powered by: FUDforum 3.0.2.
Copyright ©2001-2010 FUDforum Bulletin Board Software

Back to the top

Sign up to our Newsletter

A fresh new issue delivered monthly