Could not read PGP secret key #900

Open
Loop312 opened this issue Feb 17, 2025 · 9 comments

Loop312 commented Feb 17, 2025

Hi, I decided to learn how to publish a Compose Multiplatform library. I followed the instructions shown on the template for it in the README https://kmp.jetbrains.com/#templateGallery (the Multiplatform library) and I've encountered the following issue:

Execution failed for task ':keyhandler:signAndroidReleasePublication'.

Could not read PGP secret key

or

Execution failed for task ':keyhandler:signDesktopPublication'.

Could not read PGP secret key

depending on the formatting I put in for the "GPG_KEY_CONTENTS"

As for some of the things I changed up during the process of making the library (off the top of my head):

  • I transferred the inner build.gradle.kts code from https://kmp.jetbrains.com/#newProject if you select everything but server
  • commented the original inner build.gradle.kts (the section that sets up the project structure and compilation stuff)
  • added in the wasm folder and any others I thought were missing
  • kept the linux and other "useless" folders that came with the project structure
  • used Gpg4win, which gave me Kleopatra as my key manager

I also tried creating a new key and trying different configurations with the "GPG_KEY_CONTENTS", but with the same results.

Here's the repo if it helps pinpoint the issue: https://github.com/Loop312/compose-keyhandler

I also apologize if this is the wrong place to ask, we can continue somewhere else if it's not

shadmanadman commented Feb 21, 2025

I had the same error. Here is what I did to fix it:

  • First, you need to make sure that the content of the gpg file that you created is an ASCII key using cat <YOUR GPG FILE>

  • If it's not, then you need to regenerate a new one using:
    gpg --armor --export-secret-keys _YOUR_KEY_HERE_ > key.gpg

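Also, in my case, I had to read and set the GPG keys manually. I used the local.properties file:

import java.io.FileInputStream
import java.util.Properties

// Load signing settings from local.properties in the project root
val keystorePropertiesFile = rootProject.file("local.properties")
val keystoreProperties = Properties()
keystoreProperties.load(FileInputStream(keystorePropertiesFile))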

Then I could read the variables:

// Arguments: key ID, secret key text read from the key file, key password
useInMemoryPgpKeys(
    keystoreProperties["signing.keyId"].toString(),
    File(keystoreProperties["signing.secretKeyFile"].toString()).readText(),
    keystoreProperties["signing.password"].toString()
)

Keep the mavenCentralUsername and mavenCentralPassword in gradle.properties

Happy Coding

@brainstorm

@shadmanadman How would it work for a non-kotlin (Java) project on GitHub Actions CI? I'm currently facing the same issue with this workflow:

https://github.com/umccr/gatk-bwamem-jni/actions/runs/13646557017/job/38146442330

In my workflow definition, the GPG secret key is imported successfully from a third party GHA action, but this gradle-maven-publish-plugin does not seem to read the GPG ASCII (armor) key properly?

/cc @andrewpatto @reisingerf

@shadmanadman

@brainstorm Sorry. I did not test this using CI Actions. But maybe after loading your GPG keys, you place them in a temp variable and then assign them manually with useInMemoryPgpKeys

brainstorm commented Mar 4, 2025

> @brainstorm Sorry. I did not test this using CI Actions. but maybe after loading your GPG keys, you place them in a temp variable and then assign them manually with useInMemoryPgpKeys

That's precisely the mind-twisting bit: I do have that variable set in secrets.ORG_GRADLE_PROJECT_SIGNINGINMEMORYKEY and the first step in the workflow (nothing to do with the gradle-maven-publish-plugin), picks that private key up just fine, with the following output:

  gpg: directory '/home/runner/.gnupg' created
  gpg: keybox '/home/runner/.gnupg/pubring.kbx' created
  gpg: /home/runner/.gnupg/trustdb.gpg: trustdb created
  gpg: key 05AB94DF3E685B24: public key "UMCCR <[email protected]>" imported
  gpg: key 05AB94DF3E685B24: secret key imported
  gpg: Total number processed: 1
  gpg:               imported: 1
  gpg:       secret keys read: 1
  gpg:   secret keys imported: 1

But then, gradle-maven-publish-plugin config section on CI fails on the exact same "in memory key" variable:

      - name: Publish package
        run: ./gradlew publishAndReleaseToMavenCentral --no-configuration-cache
        env:
          ORG_GRADLE_PROJECT_mavenCentralUsername: ${{ secrets.ORG_GRADLE_PROJECT_MAVENCENTRALUSERNAME }}
          ORG_GRADLE_PROJECT_mavenCentralPassword: ${{ secrets.ORG_GRADLE_PROJECT_MAVENCENTRALPASSWORD }}
          ORG_GRADLE_PROJECT_signingInMemoryKey: ${{ secrets.ORG_GRADLE_PROJECT_SIGNINGINMEMORYKEY }}
          ORG_GRADLE_PROJECT_signingInMemoryKeyId: ${{ secrets.ORG_GRADLE_PROJECT_SIGNINGINMEMORYKEYID }}
          ORG_GRADLE_PROJECT_signingInMemoryKeyPassword: ${{ secrets.ORG_GRADLE_PROJECT_SIGNINGINMEMORYKEYPASSWORD }}

@shadmanadman

@brainstorm
Did you apply the signing plugin in your gradle file?
id("signing")

brainstorm commented Mar 4, 2025

> @brainstorm did you apply the signing plugin in your gradle file? id("signing")

Yes, it's right here... unless I'm doing something wrong defining and/or using it?:

plugins {
    id 'java'
    id "com.vanniktech.maven.publish" version "0.31.0-rc1"
    id 'signing'
    id 'com.palantir.git-version' version '3.1.0' //version helper
}

@brainstorm

And fails the same way with that id 'signing' commented and signAllPublications() left on the mavenPublishing() block:

https://github.com/umccr/gatk-bwamem-jni/actions/runs/13666426147/job/38208540067

I'm following a very similar setup to this one from JetBrains: https://www.jetbrains.com/help/kotlin-multiplatform-dev/multiplatform-publish-libraries.html

@brainstorm

I can reproduce it locally too:

% cat ~/.gradle/gradle.properties
signingInMemorykeyId="THEKEYID"
signingInMemoryKeyPassword="THEPASSWORD"
signingInMemoryKey="THEKEY"

Yields the same error message:

% ./gradlew publishAndReleaseToMavenCentral

> Task :buildBwaLib
using /Library/Java/JavaVirtualMachines/amazon-corretto-23.jdk/Contents/Home -> /Library/Java/JavaVirtualMachines/amazon-corretto-23.jdk/Contents/Home as JAVA_HOME
/Applications/Xcode.app/Contents/Developer/usr/bin/make CFLAGS="-ggdb -O2 -Wall -std=gnu99  -D_DEFAULT_SOURCE -fPIC -I/Library/Java/JavaVirtualMachines/amazon-corretto-23.jdk/Contents/Home/include -I/Library/Java/JavaVirtualMachines/amazon-corretto-23.jdk/Contents/Home/include/darwin -I simde-no-tests/" -C bwa libbwa.a
make[1]: `libbwa.a' is up to date.

> Task :signMavenPublication FAILED

FAILURE: Build failed with an exception.

* What went wrong:
Execution failed for task ':signMavenPublication'.
> Could not read PGP secret key

* Try:
> Run with --stacktrace option to get the stack trace.
> Run with --info or --debug option to get more log output.
> Run with --scan to get full insights.
> Get more help at https://help.gradle.org.

BUILD FAILED in 765ms
11 actionable tasks: 7 executed, 4 up-to-date

And yes, I tried the two options outlined by @gabrielittner to no avail, as well as numerous different formattings for that private key, no dice :/

@fabriziofortino

I had the same error. In my case, the key id was not in the correct format. Long Key ID (16 characters) works.
@brainstorm by adding --debug --stacktrace here you should get the actual cause.
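
A pre-flight check for the points raised in this thread (armored versus binary key export, key ID format, property spelling and quoting), as an added example that is not part of the thread or of the plugin's code. It assumes all three signingInMemory* properties from the workflow above are set and that a key ID is the 8-digit short or 16-digit long hex form; the function names and the sample input are hypothetical.

```python
import re

# Property names as spelled in the workflow env block in this thread.
EXPECTED = ("signingInMemoryKey", "signingInMemoryKeyId", "signingInMemoryKeyPassword")
PRIVATE_HEADER = b"-----BEGIN PGP PRIVATE KEY BLOCK-----"
PUBLIC_HEADER = b"-----BEGIN PGP PUBLIC KEY BLOCK-----"

def classify_key(data: bytes) -> str:
    """Classify exported key material without printing any of it."""
    head = data.lstrip()
    if head.startswith(PRIVATE_HEADER):
        return "armored-private"
    if head.startswith(PUBLIC_HEADER):
        return "armored-public"  # exported with --export, not --export-secret-keys
    if data[:1] and data[0] & 0x80:
        return "binary"  # raw OpenPGP packet: exported without --armor
    return "unknown"

def check_key_id(key_id: str) -> bool:
    """Assumption: accept the 8-digit short or 16-digit long hex key ID."""
    return re.fullmatch(r"(?:[0-9A-Fa-f]{8}){1,2}", key_id) is not None

def check_properties(text: str) -> list[str]:
    """Return findings for a gradle.properties body; values are never echoed."""
    props = {}
    for line in text.splitlines():
        name, sep, value = line.strip().partition("=")
        if sep and not name.startswith(("#", "!")):
            props[name.strip()] = value.strip()
    lowered = {name.lower(): name for name in props}
    findings = []
    for want in EXPECTED:
        if want not in props:
            near = lowered.get(want.lower())
            findings.append(f"{want}: found as '{near}', names are case-sensitive"
                            if near else f"{want}: missing")
            continue
        value = props[want]
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
            findings.append(f"{want}: quotes are kept as part of the value")
            value = value[1:-1]
        if want.endswith("KeyId") and not check_key_id(value):
            findings.append(f"{want}: not an 8- or 16-digit hex key ID")
    return findings

# Constructed sample with placeholders only (no real key material).
SAMPLE = 'signingInMemorykeyId="0123ABCD"\nsigningInMemoryKey=PLACEHOLDER\n'
```

Run `classify_key` on the bytes of the exported key file and `check_properties` on the properties text before the publish step; the findings name properties only, so they are safe to leave in CI logs.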
