Skip to main content


Eclipse Community Forums
Forum Search:

Search      Help    Register    Login    Home
Home » Eclipse Projects » EGit / JGit » EGit cannot find the signing key
EGit cannot find the signing key [message #1843013] Sun, 11 July 2021 00:24 Go to next message
Marko Zajc is currently offline Marko ZajcFriend
Messages: 4
Registered: August 2018
Junior Member
I'm trying to create a signed commit through EGit, but I get the following error:
Quote:
Unable to find a GPG key for signing with key ID 'email@address.stripped'. Configure the GPG key with committer email address, set git config user.signingKey, or disable commit signing.

A similar error is also thrown if I set the key ID through user.signingKey (which I had been doing before updating to 2021-06, and it worked just fine).
Committing with git through a shell doesn't result in any errors and signs the commit just fine. Likewise, the key is listed in gpg --list-secret-keys with the email matching.
P.S.: I tried to solve this by setting 'For signing commits and tags use:' in 'Committing' section to 'External GPG' and providing it with my GPG 2.2.27 installation, but it resulted in a different error (but an error nevertheless): https://paste.debian.net/hidden/2dc77a8f/
Is there a way to downgrade EGit, or is there a workaround for this (other than using git through a shell)?
System: Debian 11/Bullseye
Eclipse: 4.20/2021-06
EGit: 5.12.0.202106070339-r
Best regards
Marko Zajc
Re: EGit cannot find the signing key [message #1843031 is a reply to message #1843013] Mon, 12 July 2021 14:44 Go to previous messageGo to next message
Marko Zajc is currently offline Marko ZajcFriend
Messages: 4
Registered: August 2018
Junior Member
After taking a step back and looking at the whole picture, I figured that the issue was not with a new version of EGit, but all versions of EGit (could also be a BouncyCastle thing for all I know):
the issue was a CA certificate that I've recently imported into my GPG pubring. I am not sure why it doesn't like the aforementioned certificates in particular as both GPG and git have no issues with them whatsoever, but removing them fixed both the BouncyCastle GPG and (somehow) the External GPG issues.
I'm willing to send the certificate in question to anyone willing to investigate further.
Re: EGit cannot find the signing key [message #1843036 is a reply to message #1843031] Mon, 12 July 2021 17:54 Go to previous messageGo to next message
Thomas Wolf is currently offline Thomas WolfFriend
Messages: 406
Registered: August 2016
Senior Member
Yeah, this sounds like a BouncyCastle problem. BC cannot verify that signature. Also the "External GPG" setting uses BC to verify that we got back something valid. Most unfortunate if BC cannot parse valid GPG signatures because it cannot read that certificate.

We plan to include BC 1.69 in the next release; currently Eclipse has only BC 1.65. The Bouncy Castle release notes mention several PGP-related bug fixes.

In any case it's a problem we can't fix in EGit. This must be fixed in BC.
Re: EGit cannot find the signing key [message #1843202 is a reply to message #1843036] Tue, 20 July 2021 06:39 Go to previous messageGo to next message
Thomas Wolf is currently offline Thomas WolfFriend
Messages: 406
Registered: August 2016
Senior Member
EGit nightly is now using BouncyCastle 1.69. Could you try with that version, please? (Update site: https://download.eclipse.org/egit/updates-nightly .) If the problem persists, BouncyCastle still has something to fix. In that case it'd be great if you could open a bug at https://github.com/bcgit/bc-java/issues .
Re: EGit cannot find the signing key [message #1843214 is a reply to message #1843202] Tue, 20 July 2021 12:17 Go to previous messageGo to next message
Marko Zajc is currently offline Marko ZajcFriend
Messages: 4
Registered: August 2018
Junior Member
I've installed it, and the same problem persists for both 'External GPG' and 'BouncyCastle GPG' options. Although I probably don't know enough technical information about EGit's internals to be able to open an issue in BouncyCastle's repository.
Here's the certificate chain that causes me trouble: http://www.sigen-ca.si/crt/sigen-ca-g2-certs.p7c. I've been importing it via Kleopatra 3.1.11 (20.08.3) if that's relevant.

[Updated on: Tue, 20 July 2021 12:17]

Report message to a moderator

Re: EGit cannot find the signing key [message #1843265 is a reply to message #1843214] Wed, 21 July 2021 19:49 Go to previous message
Thomas Wolf is currently offline Thomas WolfFriend
Messages: 406
Registered: August 2016
Senior Member
Does your JVM also know about the SI-TRUST root certificate? I don't see in my JVM's cacerts. It's available at https://www.si-trust.gov.si/en/support/root-issuer-si-trust-root/ in PEM format, which is easy to include using keytool.
Previous Topic:EGit 5.13 clone TFS repository with SSH fail
Next Topic:Export/import of commits and diff between repositories in binary form
Goto Forum:
  


Current Time: Sun Oct 24 10:35:34 GMT 2021

Powered by FUDForum. Page generated in 0.01781 seconds
.:: Contact :: Home ::.

Powered by: FUDforum 3.0.2.
Copyright ©2001-2010 FUDforum Bulletin Board Software

Back to the top