I would like to use one of my GPG (2) approaches for signing commits / tags in Git, i.e., the newly created RSA4096 key is only for signing with a long identifier B0 ## ...

    sec#  ed25519/9F############## 2016-01-07 [expires: 2023-01-05]
          Key fingerprint = FC08 HEX HEX HEX
    uid   [ultimate] MY NAME < MY.NAME@foo bar>
    ssb   rsa4096/C9############## 2016-01-07 [expires: 2022-01-05]
    ssb   ed25519/C6############## 2016-01-07 [expires: 2022-01-05]
    ssb   rsa4096/B0############## 2016-01-13 [expires: 2022-01-11]
Where I am working on a keyring with a remote primary key (backup) as the "best key policy"
So, I tried to configure the signature key for Git:

    [user]
        ...
        signingkey = B0
However, committing and signing is not done with
    > git commit -S -m "test commit"
    gpg: skipped "B0##############": secret key not available
    gpg: signing failed: secret key not available
    error: gpg failed to sign the data
    fatal: failed to write commit object
Whereas gpg-agent does work.
My first assumption was that Git did not understand the long key notation and would instead try to make a short
    > gpg2 --list-secret-keys --keyid-format short
    ...
    ssb rsa4096/DB
But also failed
    > git commit -S -m "test commit short"
    gpg: skipped "DB######": secret key not available
    gpg: signing failed: secret key not available
    error: gpg failed to sign the data
    fatal: failed to write commit object
So, I wonder what breaks down here, and maybe Git will only work with the main key for signing, but does not understand the use of subkeys (or if I squinted something somewhere)?