Damian Hickey

Mostly software and .NET related. Mostly.

Signing Mercurial Changesets on Windows

Unfortunately, cryptographic signing of changesets is not a first class citizen in the Mercurial world. Signing of changesets at commit time requires the use of the commitsigs extension. This is how to set it up on windows x64.


  1. Download and install Gpg4win from http://www.gpg4win.org/. Launch
  2. Create a key pair.

Installing commitsigs Extension

  1. Download commitsigs.py and save to desired location. I used %ProgramFiles%\TortoiseHg\extensions
  2. Open your mecurial.ini settings file located at %USERPROFILE%\mercurial.ini
  3. Under the [extensions] add property with path to commitsigs.py

    commitsigs = C:\Program Files\TortoiseHg\extensions\commitsigs.py

  4. Add a [commitsigs] section with the following properties:

    scheme = gnupg
    gnupg.path = C:\Program Files (x86)\GNU\GnuPG\gpg2.exe
    gnupg.flags = --local-user <emailaddress>

    where <emailaddress> is the value you provided when creating your private key.

Your mercurial.ini should look something like this:


Check the plugin is found by mercurial by entering 'hg help commitsigs'. You should see the help output:

Signing commits

When you commit, you will be prompted for your the passphrase for the key you created. If you have pgp-agent.exe running in the background, this will happen once per windows session:

Verifying signatures

Check the changeset signature by issuing 'hg verifysigs':

The signature is part of the changeset and can be visible via 'hg log --debug':

blog comments powered by Disqus