gpg failed to sign the data
I get this terminal error about every three to six months:
error: gpg failed to sign the data fatal: failed to write commit object
When I see it I think “I really should have written down the problem last time”. So here we are, ready and willing to document.
The issue for me is that I set short expiration times for my gpg keys.
To verify my key is expired I run:
$ gpg -K --keyid-format SHORT and get results
sec rsa4096/C990E8C4 2019-03-09 [SC] [expired: 2022-01-01] F8DA783FABA5CE386A0321A29BB0402DA8462BD1 uid [ expired] Brian Pearce <brian @ email>
There we have it. My key is yet again expired. Now I’ve got two choices.
- Generate and distribute a new key
- Renew the expiry date on my existing key
1. Generating a new gpg key
- Kick off the generation process
$ gpg --full-generate-key
- Follow all the prompts
- Once it’s done copy the key it provides. In this case it’s F8DA783FABA5CE386A0321A29BB0402DA8462BD1:
pub rsa4096 2022-01-05 [SC] [expires: 2022-07-04] F8DA783FABA5CE386A0321A29BB0402DA8462BD1 uid Brian Pearce <brian @ email> sub rsa4096 2022-01-05 [E] [expires: 2022-07-04]
- Print the private key with
$ gpg --armor --export F8DA783FABA5CE386A0321A29BB0402DA8462BD1
- Copy the GPG key, beginning with
-----BEGIN PGP PUBLIC KEY BLOCK-----and ending with
-----END PGP PUBLIC KEY BLOCK-----
2. Renew the expiry date on an existing key
- Enter the gpg console
$ gpg --edit-key F8DA783FABA5CE386A0321A29BB0402DA8462BD1
expireand Follow the prompts
You can now see the key is valid again:
sec rsa4096/C990E8C4 2022-01-05 [SC] [expires: 2022-07-04] F8DA783FABA5CE386A0321A29BB0402DA8462BD1 uid [ultimate] Brian Pearce <brian @ email> ssb rsa4096/53FD37EB 2022-01-05 [E] [expires: 2022-07-04]
Why pick one over the other
There is no recommendation against renewing existing keys. The most important factor is that you keep using expiries so that you control the option to renew or not in the event one of the keys becomes compromised.