Use gpg to sign git commits in Eclipse
There is this nice feature from GitHub to show that a git commit is signed using a gpg key.
I followed the following articles:
- https://help.github.com/articles/adding-a-new-gpg-key-to-your-github-account/
- https://help.github.com/articles/signing-commits-using-gpg/
and I'm now able to sign my commits and tags using the command line by default.
(This is also visible/marked as "Verified" in the GitHub repository.)
However, Eclipse refuses to (properly) sign any git commit (with gpg) even if I turn on/off the "sign-off" button. It also doesn't show whether a commit was signed at all.
What am I doing wrong, or is Eclipse/EGit not (yet) able to deal with gpg?
I use the following tools:
- Eclipse Mars.1+2
- GPG4Win 2.2.0
- Git 2.8.2
Solution 1:[1]
That should be possible with Eclipse 2019-03 (three years later), which includes EGit 5.3.0.
EGit 5.3.0 can sign commits with GPG.
Note: EGit 5.3.0 requires Eclipse Neon (4.6) or better.
So you can test it in your Eclipse, as long as it is Neon or more recent.
The new icon in the upper right will allow you to toggle commit signing on or off.
The default is read from the Git configuration.
If the config option `commit.gpgsign` is set to `true`, the button will be selected by default.
The value of `user.signingkey` will be used to determine the signing key.
- If the value is unset, the email address of the committer will be used to look up the key.
- If no key can be found, a commit will fail.
Keys will be looked up from your GPG keyring (either `~/.gnupg/pubring.kbx` or `~/.gnupg/secring.gpg`; on Windows the directory `%APPDATA%\gnupg` is used—if it exists—instead of `~/.gnupg`).
See the following GitHub help pages for help on GPG signing keys:
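Added example (not part of the answer above and not EGit code): a shell helper that reads the same Git settings the quoted text describes, so you can see which signing default and key identifier a repository will present before toggling the button in Eclipse. `signing_preflight` is a hypothetical name; the helper assumes the committer email comes from `user.email` and it does not query the keyring itself.

```shell
#!/usr/bin/env bash
# signing_preflight: hypothetical helper (added example, not an EGit or Git command).
# Prints one line describing the signing settings for the repository in $1.
# Returns 1 when neither user.signingkey nor user.email is set, because then
# there is nothing to look a key up by.

signing_preflight() {
    local repo="${1:-.}" sign key from keyring

    # commit.gpgsign controls whether signing is on by default.
    # --bool normalises yes/on/1 to "true"; an unset option counts as false.
    sign="$(git -C "$repo" config --bool --get commit.gpgsign 2>/dev/null)" || sign=false

    # user.signingkey wins; otherwise fall back to the committer email.
    # Assumption: the committer email is taken from user.email only.
    key="$(git -C "$repo" config --get user.signingkey 2>/dev/null)" || key=""
    if [ -n "$key" ]; then
        from="user.signingkey"
    else
        key="$(git -C "$repo" config --get user.email 2>/dev/null)" || key=""
        if [ -n "$key" ]; then from="user.email"; else from="none"; fi
    fi

    # Keyring directory: %APPDATA%\gnupg on Windows if it exists, else ~/.gnupg.
    if [ -n "${APPDATA:-}" ] && [ -d "$APPDATA/gnupg" ]; then
        keyring="$APPDATA/gnupg"
    else
        keyring="$HOME/.gnupg"
    fi

    printf 'sign_by_default=%s key=%s key_from=%s keyring=%s\n' \
        "$sign" "$key" "$from" "$keyring"

    [ "$from" != "none" ]
}
```

Source the file and run `signing_preflight /path/to/repo`; a `key_from=user.email` result means the key must carry that address as a user ID for the lookup to succeed.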
Solution 2:[2]
This was bumped to JGit in 2016, with the original request made in 2012 and is still in a New state: https://bugs.eclipse.org/bugs/show_bug.cgi?id=382212. Sadly not much apparent traction on this.
Solution 3:[3]
It might be time to consider git 2.34 or above where you can use SSH keys to sign git commits and tags. This has been around since late 2021. Git uses `ssh-keygen -Y` to sign and verify contents. My team is moving in that direction now that we are all on 2.35.1. We previously used GPG for this purpose.
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
Solution | Source |
---|---|
Solution 1 | VonC |
Solution 2 | Randall Becker |
Solution 3 | Randall Becker |