This is not a bug. You need to install a Pinentry and adjust for the changes in
2.1. Please check with ArchLinux or ask at gnupg-users.

ATTENTION GOOGLERS: SUPER UGLY HACK AVAILABLE

Works better than *EVER* before if you only use keys with an empty passphrase.

1. Download gnupg-2.0.26 source
2. edit g10/call-agent.c
3. go into function agent_get_passphrase
4. comment code from line " rc = start_agent (0); " to " line[DIM(line)-1] = 0;

" (excluding that line)

5. comment whole function call " rc = assuan_transact (agent_ctx, line, ..."

found directly after

6. compile, use it like it should have worked in the first place

Keywords: zero string passphrase empty string passphrase empty key password
empty password gpg linux gpg-agent store passphrase empty pass save password
gpg-agent make gpg agent remember password never enter password gpg private key
password empty no password gpg-agent pinentry no password

Pretty please do not spam the bug tracker with silly keywords spam!

I do not understand your comments.

Is this about 2.1.2 or a 2.0.x version?
Did you read the README with the notes on the removal of secring.gpg?

The only known bug with empty passphrases is that you need to enter the empty
passphrase two times when creating the key.

Does archlinux uses a vanilla source or do they have some extra patches? Please
ask over there or at gnupg-users.

Please read my comments more carefully to understand them. Or maybe you
overlooked the title of the bug?

In order to create my ugly hack, I looked at the source code of both gnupg
versions. The issue is the following:

1. GnuPG calls gpg-agent/pinentry/assuan_transact or whatever you name it.

(2.1.2 & 2.0.26)

2. gpg-agent returns some kind of failure on empty passphrase (2.1.2 & 2.0.26)
3. Now in 2.0.26 gnupg inserted an empty passphrase manually into the buffer,

however, in 2.1.2 it seems that it was desired to not let gnupg have access to
the passphrase at all in the binary. The new code speaks of some kind of
SPK2asdfsa incompatibility. Therefore this easy workaround for gnupgs inability
to handle keys with empty passphrases was no longer possible and developers
chose to just break it.

I really wish there was an alternative for gnupg, named pe-gnupg. Whereas "p" is
for "pragmatic" and e is for "enduser". Because those are both humongous
deficits of gnupg.

You are mixing two very different things. The gpg from 2.1 and the one from 2.0
are entirely different when it comes to gpg-agent communication. "Some kind of
failure" is not very helpful in this regard.

I can only suggest to post your problem to gnupg-users to get more comments.

I am sorry but I am not a gnupg developer and I can only understand what the
code effectively does, respective to what I need to know, not what that implies
to your development ideas.

I saw no handling of empty passphrases in 2.1.2. Could be because it doesn't
exist, could be because it was moved somewhere else now. I don't know what you
know about this. But I can clearly see from multiple instances that you do not
read my comments (e.g. you suggest secring.gpg which is inside ~/.gnupg which I
explicitly said to have removed two times now). Which implies that you cannot
have a clear understanding of the issue at all.

The archlinux gnupg is original with flags --enable-maintainer-mode
--enable-symcryptrun --enable-gpgtar .

The archlinux pinentry is 0.9.0 original with flags --enable-fallback-curses
--enable-pinentry-curses .

Please take this to gnupg-users. I assume this is a misunderstanding we can't
solve here.

I reviewed this issue. I've identified three issues that the reporter is
complaining about:

• Can't create a key with a passphrase (this works)
• Can't import a key that is not protected by a passphrase (this works)
• Can't export a key without protecting it with a passphrase (this is not allowed)

I also moved my mouse between screens in my multi-head setup and gpg did not crash.

I'm marking this issue as resolved.

At least with 2.1.9, it is possible to create a key without a passphrase:

$ gpg2 --gen-key
gpg (GnuPG) 2.1.10-beta132; Copyright (C) 2015 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

gpg: NOTE: THIS IS A DEVELOPMENT VERSION!
gpg: It is only intended for test purposes and should NOT be
gpg: used in a production environment or with production keys!
Note: Use "gpg2 --full-gen-key" for a full featured key generation dialog.

GnuPG needs to construct a user ID to identify your key.

Real name: Empty
Email address: empty@testing.org
You selected this USER-ID:

    "Empty <empty@testing.org>"

Change (N)ame, (E)mail, or (O)kay/(Q)uit? o
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
Please enter the passphrase to
protect your new key
Passphrase:
Repeat:
You have not entered a passphrase - this is in general a bad idea!
Please confirm that you do not want to have any protection on your key.

Yes, protection is not needed
Enter new passphrase

[ye]? y

gpg: key BC364B3A marked as ultimately trusted
public and secret key created and signed.

gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, TOFU+PGP trust model
gpg: depth: 0 valid: 2 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 2u
gpg: next trustdb check due at 2015-11-18
pub rsa2048/BC364B3A 2015-11-18

Key fingerprint = 6766 A52A 3E04 F09B E6F7  F80C 920C 9361 BC36 4B3A

uid [ultimate] Empty <empty@testing.org>
sub rsa2048/906F39F0 2015-11-18

It is also possible to import a secret key that doesn't have a passphrase:

$ gpg --no-options --gen-key
gpg (GnuPG) 1.4.18; Copyright (C) 2014 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Please select what kind of key you want:

(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)

Your selection? 1
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 1024
Requested keysize is 1024 bits
Please specify how long the key should be valid.

   0 = key does not expire
<n>  = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years

Key is valid for? (0) 10
Key expires at Sat 28 Nov 2015 01:21:43 PM CET
Is this correct? (y/N) y

You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:

    "Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"

Real name: Empty Passphrase
Email address:
Comment:
You selected this USER-ID:

    "Empty Passphrase"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
You need a Passphrase to protect your secret key.

You don't want a passphrase - this is probably a *bad* idea!
I will do it anyway. You can change your passphrase at any time,
using this program with the option "--edit-key".

We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.

Not enough random bytes available. Please do some other work to give
the OS a chance to collect more entropy! (Need 201 more bytes)
...+++++
..+++++
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
.............+++++
.+++++
gpg: unable to use unknown trust model (7) - assuming PGP trust model
gpg: key 4240CFD8 marked as ultimately trusted
public and secret key created and signed.

gpg: checking the trustdb
gpg: public key of ultimately trusted key BC364B3A not found
gpg: public key of ultimately trusted key 41A7057B not found
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 3 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 3u
gpg: next trustdb check due at 2015-11-28
pub 1024R/4240CFD8 2015-11-18 [expires: 2015-11-28]

Key fingerprint = 4E0D 8EED 3567 4228 7F44  C7D7 92BE 30B6 4240 CFD8

uid Empty Passphrase
sub 1024R/D6CF583D 2015-11-18 [expires: 2015-11-28]

$ gpg --no-options --export-secret-key 4240CFD8 > 4240CFD8.sec
$ gpg2 --import 4240CFD8.sec
gpg: NOTE: THIS IS A DEVELOPMENT VERSION!
gpg: It is only intended for test purposes and should NOT be
gpg: used in a production environment or with production keys!
gpg: key 4240CFD8: public key "Empty Passphrase" imported
gpg: key 4240CFD8: secret key imported
gpg: Total number processed: 3
gpg: imported: 1
gpg: secret keys read: 3
gpg: secret keys imported: 2
gpg: 3 marginal(s) needed, 1 complete(s) needed, TOFU+PGP trust model
gpg: depth: 0 valid: 3 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 3u
gpg: next trustdb check due at 2015-11-18
$ gpg2 -K 4240CFD8
gpg: NOTE: THIS IS A DEVELOPMENT VERSION!
gpg: It is only intended for test purposes and should NOT be
gpg: used in a production environment or with production keys!
sec rsa1024/4240CFD8 2015-11-18 [expires: 2015-11-28]
uid [ultimate] Empty Passphrase
ssb rsa1024/D6CF583D 2015-11-18 [expires: 2015-11-28]