I have trouble verifying my GPG key.
The key is self issued, no expiry date.
Currently I am signing all commits with that same key, all working OK.
When I click on “Verify”, the system provides a token and a place to paste the generated GPG signature.
The proposed method for generating the GPG signature is “echo “<token_number>” | gpg -a --default-key <key_ID> --detach-sig”, which I execute at the cmd prompt.
After entering my password for the certificate I get a “-----BEGIN PGP SIGNATURE----- xxx -----END PGP SIGNATURE-----” block in full ( xxx is a demo value, not to paste all in here ).
I copy/paste the generated signature block into the “Armored GPG signature” box, hit “Verify”.
On top of the page the following error message is stated:
The provided GPG key, signature and token do not match or token is out-of-date.
My Gitea user email address is the same as in certificate.
Is there any step I am missing?
I see nothing wrong in the steps you describe. It probably is a problem (i.e. something creating the problem that is really simple… and that neither you or me are guessing )
Same issue here, using gpg4win + Kleopatra with OpenPGP keys on windows 10. First it asks me to enter my public key, once I try to submit that it asks for a signature which I generate with the given command. Adding the generated signature and trying to submit results in: The provided GPG key, signature and token do not match or token is out-of-date.
I’m having the same problem, and this is the only open thread I found on Google for this issue. Verification works when I do it on Linux, but not Windows.
This is just a reminder to make sure you’re trying to verify the right key. I was stuck on this for like 15 minutes because I had selected the wrong key to verify.
Found a better way: Copy your token, then open Kleopatra, go to the menu bar > Tools > Clipboard > OpenPGP-Sign… then you’ll get the token (message) along with the signature back in your clipboard
I think the problem might be Windows shells messing around with the data, so using the Clipboard function skips over that. I’ve also tried doing gpg sign from file (N0AGI’s way) and Kleopatra Sign/Encrypt file but didn’t work for me for some reason