gitea only recognises the first out of three signatory ssh keys #12305

New Issue

GiteaMirror · 2025-11-02T10:05:00-06:00

GiteaMirror commented

2025-11-02 10:05:00 -06:00

Originally created by @MangoIV on GitHub (Jan 8, 2024).

Description

I have registered 4 ssh keys, they are used for pushing and signing in the exact same way. the first one shows as signed commits, the other two work for pushing but the UI tells me that neither of them is recognized as a signing key.

Gitea Version

forgejo 1.21 / gitea 1.21

Can you reproduce the bug on the Gitea demo site?

Yes

Log Gist

No response

Screenshots

Git Version

No response

Operating System

host os: Linux 6.6.8-zen1, NixOS, 24.05 (Uakari), 24.05.20231230.b0d36bd

How are you running Gitea?

I'm using the nixos module.

I'm running forgejo now but I have been running gitea before with the same issue so I think it is likely a gitea issue.

Database

PostgreSQL

Originally created by @MangoIV on GitHub (Jan 8, 2024). ### Description I have registered 4 ssh keys, they are used for pushing *and* signing in the exact same way. the first one shows as signed commits, the other two work for pushing but the UI tells me that neither of them is recognized as a signing key. ### Gitea Version forgejo 1.21 / gitea 1.21 ### Can you reproduce the bug on the Gitea demo site? Yes ### Log Gist _No response_ ### Screenshots ![image](https://github.com/go-gitea/gitea/assets/40720523/b6eead76-0b6b-4723-bb0b-fc3789250bf5) ### Git Version _No response_ ### Operating System - host os: `Linux 6.6.8-zen1, NixOS, 24.05 (Uakari), 24.05.20231230.b0d36bd` ### How are you running Gitea? I'm using the nixos module. I'm running forgejo now but I have been running gitea before with the same issue so I think it is likely a gitea issue. ### Database PostgreSQL

GiteaMirror added the issue/critical type/bug labels 2025-11-02 10:05:00 -06:00

GiteaMirror closed this issue

2025-11-02 10:05:00 -06:00

GiteaMirror commented

2025-11-02 10:05:01 -06:00

@zokkis commented on GitHub (Feb 10, 2024):

I can't reproduce it locally

add 2 (or more) ssh-keys
verify them
git config gpg.format ssh
git config user.signingkey ~/.ssh/id_rsa.pub
git add -> git commit -S -> git push
now you have to set the user.signingkey to the 2. ssh key path
git add -> git commit -S -> git push

-> both commits are signed

@zokkis commented on GitHub (Feb 10, 2024): I can't reproduce it locally 1. add 2 (or more) ssh-keys 2. verify them 3. `git config gpg.format ssh` 4. `git config user.signingkey ~/.ssh/id_rsa.pub` 5. git add -> git commit -S -> git push 6. now you have to set the `user.signingkey` to the 2. ssh key path 7. git add -> git commit -S -> git push -> both commits are signed

GiteaMirror commented

2025-11-02 10:05:01 -06:00

@MangoIV commented on GitHub (Feb 10, 2024):

Yeah it was my fault. You have to add the mail to the thing. The error message didn’t make that clear. Sorry for that.

@MangoIV commented on GitHub (Feb 10, 2024): Yeah it was my fault. You have to add the mail to the thing. The error message didn’t make that clear. Sorry for that.

GiteaMirror commented

2025-11-02 10:05:01 -06:00

@MangoIV commented on GitHub (Feb 11, 2024):

Perhaps it would still be possible to not show the commit as unsigned when it is signed and in reality it’s just the mail address associated to the key that’s not in the UI…

@MangoIV commented on GitHub (Feb 11, 2024): Perhaps it would still be possible to not show the commit as unsigned when it *is* signed and in reality it’s just the mail address associated to the key that’s not in the UI…

GiteaMirror commented

2025-11-02 10:05:01 -06:00

@zokkis commented on GitHub (Feb 11, 2024):

Can you please give an example how to reproduce it?

As I wrote, I can't reproduce it and SSH-keys dont have any linked EMail. If you mean the config user.email, then there is already a message

And when the EMail is not linked to any Account the username is also not clickable and a random Gravatar is shown

@zokkis commented on GitHub (Feb 11, 2024): Can you please give an example how to reproduce it? As I wrote, I can't reproduce it and SSH-keys dont have any linked EMail. If you mean the config `user.email`, then there is already a message ![image](https://github.com/go-gitea/gitea/assets/72873130/4fe7cd95-d1eb-44f9-ab5f-cb4f8dcbd970) And when the EMail is not linked to any Account the username is also not clickable and a random Gravatar is shown ![image](https://github.com/go-gitea/gitea/assets/72873130/103a8b47-2754-45ea-9513-44cd40b5a23f)

GiteaMirror commented

2025-11-02 10:05:02 -06:00

@MangoIV commented on GitHub (Feb 11, 2024):

Yeah. A random gravatar was shown but the message on it was "no key found for this signature in database" when the actual culprit was having to add the mail address to my profile.

@MangoIV commented on GitHub (Feb 11, 2024): Yeah. A random gravatar was shown but the message on it was "no key found for this signature in database" when the actual culprit was having to add the mail address to my profile.

GiteaMirror commented

2025-11-02 10:05:02 -06:00

@zokkis commented on GitHub (Feb 11, 2024):

Ok, then the problem is not the key. You only have to set the correct email

I don't know how the expected behavior is, but when the Email is wrong there should be a warning next to the name like this

@zokkis commented on GitHub (Feb 11, 2024): Ok, then the problem is not the key. You only have to set the correct email I don't know how the expected behavior is, but when the Email is wrong there should be a warning next to the name like this ![303910282-103a8b47-2754-45ea-9513-44cd40b5a23f](https://github.com/go-gitea/gitea/assets/72873130/2de07a74-441d-41a0-b814-f3c8f1b3547f)

GiteaMirror commented

2025-11-02 10:05:02 -06:00

@MangoIV commented on GitHub (Feb 11, 2024):

in Settings > Account > Manage Email Addresses it is required to have the email set such that it shows the commit as signed.

I.e. say I have a key that is associated with a work email address the key will show as "not found in database" until I add and verify this mail address.

The UI says "no key found for signature" which imo is the wrong thing to say. It is also not documented.

However, it is not per se a bug as I already said, just unexpected behavior.

@MangoIV commented on GitHub (Feb 11, 2024): in `Settings > Account > Manage Email Addresses` it is required to have the email set such that it shows the commit as signed. I.e. say I have a key that is associated with a work email address the key will show as "not found in database" until I add and verify this mail address. The UI says "no key found for signature" which imo is the wrong thing to say. It is also not documented. However, it is not per se a bug as I already said, just unexpected behavior.

GiteaMirror commented

2025-11-02 10:05:02 -06:00

@github-actions[bot] commented on GitHub (Feb 28, 2024):

Automatically locked because of our CONTRIBUTING guidelines

@github-actions[bot] commented on GitHub (Feb 28, 2024): Automatically locked because of our [CONTRIBUTING guidelines](https://github.com/go-gitea/gitea/blob/main/CONTRIBUTING.md#issue-locking)

Sign in to join this conversation.

Branches Tags

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/gitea#12305