Commit signing using sourcetree on windows

If you have not created GPG Key, then head to github's tutorial on GPG keys here

Open Sourcetree and click the Terminal button on the top-right corner. Click on terminal icon (I don't have enough reputation points to post an image. I'll update the image when I get sufficient reputation points :) ).

Enter the following commands

$ git config commit.gpgsign true

You need to have a GPG Signing key in order to sign the commit. Check for existing keys by using the following command

$ gpg --list-secret-keys --keyid-format LONG

For example, if your output is

/Users/hubot/.gnupg/secring.gpg
------------------------------------
sec   4096R/3AA5C34371567BD2 2016-03-10 [expires: 2017-03-10]
uid                          Hubot 
ssb   4096R/42B317FD4BA89E7A 2016-03-10

3AA5C34371567BD2 is your Signing Key.

Then, execute the following command

$ git config commit.signingkey YOUR_KEY_HERE

If you want to sign every repository, then add a --global flag to above commands. For example,

$ git config --global commit.gpgsign true
$ git config --global commit.signingkey YOUR_KEY_HERE

No need to download any other software for signing your commits.

Method 2

Open your config file present in .git folder of your repository. And add/update the following options.

[commit]
    gpgsign = true
    signingkey = YOUR_KEY_HERE

Try to commit after updating the above options.


Well, the answer is yes and no.

The work around I've figured out is as follow (I assumed that you've already the GPG key setup, if not follow github's tutorial on how to set it up)

Step 1 Install git shell for Windows

(If you haven't already)

Step 2 Make sure sourcetree use system's git

Press ctrl+, go to git tab and click Use System Gitenter image description here

Step 3 Configure git to sign every commit (optional)

From powershell (or you can use the built-in terminal from terminal icon in sourcetree).

Enter git config commit.gpgsign true - this will configure git to automatically sign all commits in CURRENT repository.

If you want to sign every commits in EVERY repository use git config --global commit.gpgsign true instead.


Note If you choose to skip step 3 make sure to add -S every time you commit (git commit -S) or your commit won't be sign.


Drawback

Of course this way have a drawback.

Every time you commit. You have to do it in terminal. If you try to commit using sourcetree's commit button an error will occur

gpg: cannot open tty `no tty': No such file or directory
error: gpg failed to sign the data
fatal: failed to write commit object

Apart from that, you can use every other features sourcetree have (push, pull, fetch, merge etc.) as usual.

Edit : This drawback has been solved by ahmad's answer.


I had a similar issue & I followed @theminer3746 answer to set it up.

I was able to fix the no tty error & have a dialog to enter the password using the following steps

  • Install: https://www.gpg4win.org
  • Load keys into Kleopatra program ([Your homedir]/.gnupg/secring.gpg)
  • Run this command in your terminal: git config --global gpg.program "c:\Program Files (x86)\GnuPG\bin\gpg.exe"