My commits are unverified despite having public key added to GitHub

[mrpmartin]

Hello - I'm a bit of a newbie. Thanks in advance :)

All my commits are showing as 'unverified' now, and it tells me to upload the public key, which I've done. I just re-added the public key again, and made sure my Git Config file is updated properly to sign my commits. I tested committing a small change (using VS Code) and I was asked to auth SSH (I use 1Password) so I know the signing is working at least somewhere.

Also, I can see that commits were previously 'verified' so I know it was working at some point. I haven't changed anything, but it's possible I did something inadvertently.

I'm not sure where this problem might be coming from now. Any thoughts on where a good starting point might be?

[mrpmartin]

Hey @Ariffazeel99 thanks for all this helpful info.

I've confirmed the email in commits is the same as GitHub, and the GPG signing is handled by 1Password. And I actually think there's a problem with that 1Password service. After running git log --show-signature -1 I'm getting this error:

error: gpg.ssh.allowedSignersFile needs to be configured and exist for ssh signature verification
commit 26c2b9daae397a6c4bb428adf1b746abcdcfbfab (HEAD -> main, origin/main, origin/HEAD)
No signature

I'll have to look into why that file is erroring. With 1Password they provide this snippet to add to the ~/.gitconfig file:

[user]
  signingkey = {public key}
[gpg]
  format = ssh
[gpg "ssh"]
  program = "/Applications/1Password.app/Contents/MacOS/op-ssh-sign"
[commit]
  gpgsign = true

Adding that manually or using the 'apply to gitconfig automatically' setting from 1Password, I think that's where the problem exists for me. I appreciate the troubleshooting steps all the same! :)

[mrpmartin]

Update:

Found the solution via 1Password developer docs: https://developer.1password.com/docs/ssh/git-commit-signing/#step-2-register-your-public-key

It seems things weren't properly configured on my end with 1Password. Issue is solved for me. Thanks again.

[queenofcorgis]

@mrpmartin way to go on self-solving 🎉 Thanks for coming back to share the solution and marking the answer ✅