问题
I have an issue with git and signing commits with GPG key.
I have a master key (used for certification only). I've created two subkeys (only for signing) per computer. I've added public key to Github, configured git by using user.signingKey configuration option.
The issue is that git seems to be ignoring the configuration option and uses the newest subkey all the time (the latest on the list gpg --list-secret-keys EMAIL).
I've checked it on two environments, same issue. I'm using the following git version: git version 2.15.1
Any clues?
回答1:
To use a specific subkey, KEYID must be appended with !. So the configuration should look like the following:
[user]
name = Andrzej Ośmiałowski
email = me@osmialowski.net
signingKey = KEYID!
Many thanks to Todd Zullinger to provide the solution on Git mailing list.
回答2:
The git commit man page describes:
-S[] --gpg-sign[=] GPG-sign commits. The keyid argument is optional and defaults to the committer identity; if specified, it must be stuck to the option without a space.
Would it help to always specify the sign key on git commit?`
It could be an issue on the git suite (Can you check on their issue tracker?
EDIT: Also maybe this is worth a try.
来源:https://stackoverflow.com/questions/48230336/git-uses-wrong-subkey-for-signing-commits-with-gpg-key