
Could not make my second mail's commits as "verified" on GitHub

Currently, I use 2 emails, (Personal + Company) with one SSH key to log in to GitHub. But I use the same GPG key for signing. Both are verified on my GitHub Email Settings page.

On the first one (personal), no issue, when I do a commit it appears as Verified. On the second one (company), the commits appear as Unverified in GitHub with the following warning message:

The email in this signature doesn’t match the committer email.

$ gpg --list-secret-keys --keyid-format LONG

...
sec   rsa4096/MY_GPG_KEY_ID 2020-05-19 [SC] [expires: 2022-05-19]
...
uid    [ultimate] Furkan (Company key) <[email protected]>
uid    [ultimate] Furkan <[email protected]>

In the repository:

$ git log --show-signature

...
gpg: Good signature from "Furkan (Company key) <[email protected]>" [ultimate]
gpg:                 aka "Furkan <[email protected]>" [ultimate]
Author: MyGitHubNickname <[email protected]>
...

Local config settings:

$ git config --local --list

...
user.name=Furkan
user.email=[email protected]

Global config settings:

$ git config --global --list

...
user.name=MyGitHubNickname
user.email=[email protected]
user.signingkey=MY_40_CHARACTER_SIGNING_KEY

But this did not work:

$ git commit -S --amend --reset-author
$ git push --force

I see MY_GPG_KEY_ID key at the bottom of this popup, exactly the same.

picture

I followed the Troubleshooting commit signature verification and Using a verified email address in your GPG key guides as described in GitHub Docs, but that still did not fix the problem.

Dentrax asked Sep 07 '25 03:09


2 Answers

Everything you did so far is correct; you're just missing the final step which is to update GitHub's copy of your public key.

You need to regenerate your public key (gpg --armor --export KEY_ID), then, in your GitHub user settings > "SSH and GPG keys", you need to delete the original key and upload the regenerated public key.

This is what it should end up looking like. Commits signed with any of the listed addresses will now show as Verified.

GPG key with two associated email addresses

qitianshi answered Sep 10 '25 05:09


In my case there was a discrepancy between committer and author. GitHub shows the author by default, but the committer was set to something auto-generated.

You can check with git log --format=full

RickDG answered Sep 10 '25 04:09
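
The checks from both answers (the committer e-mail, and the user IDs on the key GitHub holds) combined into one diagnostic. This is an added example, not code from either answer. It assumes the account has a single uploaded key and that GitHub's `https://github.com/USER.gpg` export mirrors that key's user IDs; the sample key data and addresses are constructed.

```shell
#!/bin/sh
# Added example: explain an "Unverified" badge by comparing the committer
# e-mail with the user IDs on the local key and on the copy GitHub holds.

# Print e-mails of non-revoked user IDs from `gpg --with-colons` (stdin).
uid_emails() {
    awk -F: '$1 == "uid" && $2 != "r" && match($10, /<[^<>]+>/) {
        print tolower(substr($10, RSTART + 1, RLENGTH - 2)) }'
}

# Succeed when non-empty e-mail $1 is one line of list $2 (case-insensitive).
has_email() { [ -n "$1" ] && printf '%s\n' "$2" | grep -qixF -- "$1"; }

# $1 = committer e-mail, $2 = local key e-mails, $3 = uploaded key e-mails.
diagnose() {
    if ! has_email "$1" "$2"; then
        echo "add-uid-to-local-key"      # local key lacks this address
    elif ! has_email "$1" "$3"; then
        echo "re-upload-public-key"      # uploaded copy lacks this address
    else
        echo "ok"
    fi
}

# Constructed sample data; key ID, hashes and addresses are placeholders.
SAMPLE_LOCAL='pub:u:4096:1:AAAAAAAAAAAAAAAA:1589846400:1652918400::u:::scESC::::::23::0:
uid:u::::1589846400::0001::Furkan (Company key) <furkan@company.example>::::::::::0:
uid:u::::1589846400::0002::Furkan <furkan@personal.example>::::::::::0:
uid:r::::1589846400::0003::Furkan <old@retired.example>::::::::::0:'
SAMPLE_UPLOADED='pub:u:4096:1:AAAAAAAAAAAAAAAA:1589846400:1652918400::u:::scESC::::::23::0:
uid:u::::1589846400::0002::Furkan <furkan@personal.example>::::::::::0:'

if [ "$#" -eq 2 ]; then
    # Live use inside a repository: sh check.sh KEY_ID GITHUB_USER
    local_mails=$(gpg --list-keys --with-colons "$1" | uid_emails)
    remote_mails=$(curl -fsS "https://github.com/$2.gpg" |
        gpg --show-keys --with-colons | uid_emails)
    diagnose "$(git log -1 --format=%ce)" "$local_mails" "$remote_mails"
else
    # No arguments: run against the constructed sample above.
    diagnose "furkan@company.example" \
        "$(printf '%s\n' "$SAMPLE_LOCAL" | uid_emails)" \
        "$(printf '%s\n' "$SAMPLE_UPLOADED" | uid_emails)"
fi
```

The comparison uses `%ce` (committer) rather than `%ae` (author) because GitHub's warning names the committer e-mail.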