Gitea doesn't recognize my GPG key

[sondr3]

• Gitea version (or commit ref): 1.2-rc1
• Git version: 2.1.2
• Operating system: Debian 8.9
• Database (use [x]):
  • PostgreSQL
  • MySQL
  • MSSQL
  • SQLite
• Can you reproduce the bug at https://try.gitea.io:
  • Yes (https://try.gitea.io/sondr3/test1)
  • No
  • Not relevant
• Log gist:

Description

I've added my GPG key to a 1.2-rc1 version of Gitea that I'm running, and it says that it can't find any key matching my email for that address. Github recognizes it and supports it just fine, but Gitea for some reason doesn't. I can't recall what settings I used to generate the GPG key anymore, it's been a while since I created it.

Screenshots

[sapk]

It seems that it's not the key you used to sign the commit. When I clone your repo example on try.gitea.io, I get that you sign with RSA D78D17BB14716F42

[sapk]

To verify that :

git clone https://try.gitea.io/sondr3/test1.git
cd test1
git log --show-signature

[sondr3]

Yeah, this was my fault. Apparently I had exported a subkey and not the actual GPG key itself, so I was using the wrong one. My bad, thanks for pointing it out, it works fine now that I'm using the correct one.

[sapk]

Glad to here that. enjoy 😄

[Mikaela]

I was having this issue with key 29104A46C5615BF978A083F20C207F07B2F32B67 until I removed it from Gitea and added again with gpg --export-options export-minimal --export 29104A46C5615BF978A083F20C207F07B2F32B67.

Gitea kept saying No known key found for this signature in database and the person running the Gitea instance thought that it may be a problem with amount of subkeys that I have.

[lunny]

@Mikaela Please fire another issue since your problem is different from this one.

[Mikaela]

@lunny I don't know what subject to use or anything and I managed to get it workarounded. As the symptom is the same as in the subject of this one, I think this should be reopened in case you can reproduce the issue.

[Panzer1119]

I have a similiar/the same problem, but when i imported the public gpg key on my pc it shows the signature is verified (git log --show-signature).
But when i use the exact same String (public gpg key in ascii form) in my Gitea Account, it does not recognize the signature of commits.
(Its a 2048 Bit rsa gpg key, maybe thats a problem? Because my 4096 Bit rsa gpg key does work)
The fingerprints of the key shown by git log --show-signature and on Gitea are also the same :/

[Panzer1119]

Hmmm i created a new keypair (2048 Bits rsa) and signed it via my ios app (where i had problem with signed commits) and it did not work.
Then i importet this keypair on my pc and signed a new commit from the pc.
Now Gitea recognizes the key.

But in both cases my local git recognized both signatures made from the ios app and the pc...

[lunny]

@Panzer1119 any log on your backend?

[Panzer1119]

What kinda log? I believe the App is creating the signature different than the computer?

[pedroapero]

I'm using gnupg 1.4.18 from Debian with a 4096Bits key, I am not able to confirm signed tags either (open padlock with "not a signed commit").
My key pair (master + one subkey) was imported correctly on my account.
Using git verify-tag I can verify that the tag is signed with one of the keys displayed on my settings page. I can't make Gitea (v1.7.3) display the tag's signature key ID though.

Edit: after some testing, the problem appears with tags only, the padlock is green for commits.

[georgeowell]

I am having this same problem but for commits. Can verify the commits locally all good, all using the same key.

But in Gitea, they are now marked as
WARNING! Although there is a key with this ID in the database it does not verify this commit! This commit is SUSPICIOUS. GPG Key ID: EDE939629F5C1A6A

https://git.autonomic.zone/kawaiipunk/walkaway-wiki/commits/branch/master

As far as I know, nothing has changed in my configs. Signing is working all good on Gitlab and Github. I just can't see any problems except at the Gitea end of things.

My .gitconfig:

[user]
	name = kawaiipunk
	email = [redacted this for obscurity but it matches all good]
	signingkey = DAFA9CA84CFD48F5FCEACEAAEDE939629F5C1A6A
[push]
	default = simple
[commit]
	gpgsign = true
[gpg]
	program = gpg
[tag]
	forceSignAnnotated = true

I tried re-adding my GPG pub key to the Gitea interface in a few different ways but same story.

[zeripath]

@georgeowell Please don't write on closed issues - comments are very likely to be missed.

This is a different problem to the OPs issue - although it fits with the previous person who also wrote on an already closed issue. My initial suspicion is that you are hitting #10420 but without knowing your version I cannot confirm.

We need to know what version of Gitea you are running.