Page MenuHome GnuPG

GPG Portable on USB-Stick - Problems with GnuPG 2.2.30
Open, HighPublic

Description

I use GPG on my USB-Stick as portable Version.

GnuPG 2.2.27 version makes no problems. It works perfect.

GPG is portable if the file »gpgconf.ctl« (0-byte-file) is available in folder »bin«.

After calling gpg.exe, a »home« folder (USB-version) is created instead of »gnupg« folder.

My GPG-Home-Dir (home folder) is complete (with secret and public keys).

The command gpg -k works perfect.

The gpg -K command outputs the following error message:

gpg: Using CREATE_BREAKAWAY_FROM_JOB flag
gpg: can't connect to the agent: IPC "connect" Aufruf fehlgeschlagen
gpg: Using CREATE_BREAKAWAY_FROM_JOB flag
gpg: can't connect to the agent: IPC "connect" Aufruf fehlgeschlagen

It's not possible to sign or encrypt files.
After gpg -esr »Name« Readme.txt

The following error message is output:

Y:\GPG_Portable\bin>gpg -esr »NAME« Y:\README.txt
gpg: Using CREATE_BREAKAWAY_FROM_JOB flag
gpg: can't connect to the agent: IPC "connect" Aufruf fehlgeschlagen
gpg: Using CREATE_BREAKAWAY_FROM_JOB flag
gpg: can't connect to the agent: IPC "connect" Aufruf fehlgeschlagen
gpg: Using CREATE_BREAKAWAY_FROM_JOB flag
gpg: can't connect to the agent: IPC "connect" Aufruf fehlgeschlagen
gpg: Using CREATE_BREAKAWAY_FROM_JOB flag
gpg: can't connect to the agent: IPC "connect" Aufruf fehlgeschlagen
gpg: WARNUNG: "0xABCDEF1234567890" wird nicht als voreingestellter geheimer Schlüssel benutzt: Kein geheimer Schlüsselel
gpg: Alle für '--default-keyy' angegebenen Werte wurden ignoriert
gpg: Using CREATE_BREAKAWAY_FROM_JOB flag
gpg: can't connect to the agent: IPC "connect" Aufruf fehlgeschlagen
gpg: keydb_search failed: Agent läuft nichtt
gpg: no default secret key: Agent läuft nichtt
gpg: Y:\README.txt: sign+encrypt failed: Agent läuft nichtt

--> Spelling mistakes in the german error message: Schlüsselel, --default-keyy, nichtt
--> Name and ID 0xABCDEF1234567890 changed by me.
--> My OS: Windows 8.1 x64 German

Details

Version
GnuPG 2.2.30

Event Timeline

Please show us the output of

gpgconf --list-dirs -v

I wonder about the spelling errors. For particular

 log_info (_("all values passed to '%s' ignored\n"),
           "--default-key");
msgid "all values passed to '%s' ignored\n"
msgstr "Alle für '%s' angegebenen Werte wurden ignoriert\n"

which can't lead to t the doubled 'y' in your transcription. Similar for the Schlüsselei - the last two letters are not from the error message.

Hello Mr. Koch,

Here is the result of gpgconf --list-dirs -v

Microsoft Windows [Version 6.3.9600]
(c) 2013 Microsoft Corporation. Alle Rechte vorbehalten.

Y:\>gpgconf --kill gpg-agent

Y:\>PATH=%cd%\GPG_Portable\bin\

Y:\>gpg --version
gpg (GnuPG) 2.2.30
libgcrypt 1.8.8
Copyright (C) 2021 g10 Code GmbH
License GNU GPL-3.0-or-later https://gnu.org/licenses/gpl.html
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: Y:/GPG_Portable/home
Unterstützte Verfahren:
Öff. Schlüssel: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Verschlü.: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,

CAMELLIA128, CAMELLIA192, CAMELLIA256

Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Komprimierung: nicht komprimiert, ZIP, ZLIB, BZIP2
gpg (GnuPG) 2.2.30
libgcrypt 1.8.8
Copyright (C) 2021 g10 Code GmbH
License GNU GPL-3.0-or-later https://gnu.org/licenses/gpl.html
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: Y:/GPG_Portable/home
Unterstützte Verfahren:
Öff. Schlüssel: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Verschlü.: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,

CAMELLIA128, CAMELLIA192, CAMELLIA256

Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Komprimierung: nicht komprimiert, ZIP, ZLIB, BZIP2

Y:\>gpgconf --list-dirs -v
sysconfdir:Y%3a\GPG_Portable\etc\gnupg
bindir:Y%3a\GPG_Portable\bin
libexecdir:Y%3a\GPG_Portable\bin
libdir:Y%3a\GPG_Portable\lib\gnupg
datadir:Y%3a\GPG_Portable\share\gnupg
localedir:Y%3a\GPG_Portable\share\locale
socketdir:Y%3a\GPG_Portable\gnupg
dirmngr-socket:Y%3a\GPG_Portable\gnupg\S.dirmngr
agent-ssh-socket:Y%3a\GPG_Portable\gnupg\S.gpg-agent.ssh
agent-extra-socket:Y%3a\GPG_Portable\gnupg\S.gpg-agent.extra
agent-browser-socket:Y%3a\GPG_Portable\gnupg\S.gpg-agent.browser
agent-socket:Y%3a\GPG_Portable\gnupg\S.gpg-agent
homedir:Y%3a\GPG_Portable\home
gpgconf: Warning: homedir taken from registry key (Software\GNU\GnuPG:HomeDir) in HKCU

Y:\>gpg -k

Y:/GPG_Portable/home/pubring.kbx

pub rsa2048 2017-10-18 [SC]

4D34A9885851F3F662E7730719BE9AE0078CE7E0

uid [ unbekannt ] Testx Testy <test@test.de>
sub rsa2048 2017-10-18 [E]

Y:\>gpg -K
gpg: Using CREATE_BREAKAWAY_FROM_JOB flag
gpg: can't connect to the agent: IPC "connect" Aufruf fehlgeschlagen

Y:\>gpg -esr Testx README.txt
gpg: Using CREATE_BREAKAWAY_FROM_JOB flag
gpg: can't connect to the agent: IPC "connect" Aufruf fehlgeschlagen
gpg: Using CREATE_BREAKAWAY_FROM_JOB flag
gpg: can't connect to the agent: IPC "connect" Aufruf fehlgeschlagen
gpg: keydb_search failed: Agent läuft nichtt
gpg: no default secret key: Agent läuft nichtt
gpg: README.txt: sign+encrypt failed: Agent läuft nichtt

Y:\>REM Testschlüssel installiert, ohne gpgconf und gpg-agent.conf

Y:\>REM Komplette Ansicht ohne Kürzung oder Veränderung!

Y:\>

--> Again: Double letters. »nichtt«

The same problem. Portable mode is completely broken in v2.3.2 and v2.2.30 on Windows.

We will look into it but nevertheless I have to remark that this this portable thing is dangerous to use and you should avoid it.

I'm not sure that the portable mode is a culprit here.
Something is very wrong with gpg-agent/pinentry.
Even symmetric decryption doesn't work in 2.3.2/2.2.30:

C:\Tools\GnuPG\bin>gpg.exe -c README.txt
gpg: Using CREATE_BREAKAWAY_FROM_JOB flag
gpg: AllowSetForegroundWindow(9700) failed: Access is denied.
gpg: AllowSetForegroundWindow(912) failed: Access is denied.

C:\Tools\GnuPG\bin>gpgconf --kill gpg-agent

C:\Tools\GnuPG\bin>gpg.exe -d README.txt.gpg
gpg: AES256.CFB encrypted data
gpg: Using CREATE_BREAKAWAY_FROM_JOB flag
gpg: problem with the agent: End of file
gpg: encrypted with 1 passphrase
gpg: decryption failed: Bad session key

With --pinentry-mode loopback the same problem:

C:\Tools\GnuPG\bin>gpg.exe -c --pinentry-mode loopback README.txt
gpg: Using CREATE_BREAKAWAY_FROM_JOB flag

C:\Tools\GnuPG\bin>gpgconf --kill gpg-agent

C:\Tools\GnuPG\bin>gpg.exe -d  --pinentry-mode loopback README.txt.gpg
gpg: AES256.CFB encrypted data
gpg: Using CREATE_BREAKAWAY_FROM_JOB flag
gpg: problem with the agent: End of file
gpg: encrypted with 1 passphrase
gpg: decryption failed: Bad session key

Few more logs from 2.3.2 and 2.2.29 (for comparison):

v2.3.2

C:\Tools\GPG\bin>gpg.exe -d --pinentry-mode loopback --verbose --debug-all readme.txt.gpg
gpg: reading options from '[cmdline]'
gpg: Note: RFC4880bis features are enabled.
gpg: enabled debug flags: packet mpi crypto filter iobuf memory cache memstat trust hashing ipc clock lookup extprog
gpg: DBG: [no clock] start
gpg: DBG: fd_cache_open (readme.txt.gpg) not cached
gpg: DBG: iobuf-1.0: open 'readme.txt.gpg' desc=file_filter(fd) fd=224
gpg: DBG: iobuf-1.0: underflow: buffer size: 65536; still buffered: 0 => space for 65536 bytes
gpg: DBG: iobuf-1.0: underflow: A->FILTER (65536 bytes)
gpg: DBG: iobuf-1.0: A->FILTER() returned rc=0 (ok), read 87 bytes
gpg: DBG: parse_packet(iob=1): type=3 length=13 (parse./home/wk/b/gnupg/dist/PLAY-release/gnupg-w32-2.3.2/g10/mainproc.c.1550)
gpg: AES256.CFB encrypted data
gpg: no running gpg-agent - starting 'C:\\Tools\\GPG\\bin\\gpg-agent.exe'
gpg: Using CREATE_BREAKAWAY_FROM_JOB flag
gpg: waiting for the agent to come up ... (5s)
gpg: DBG: chan_0x0000017c <- OK Pleased to meet you
gpg: connection to the agent established
gpg: DBG: chan_0x0000017c -> RESET
gpg: DBG: chan_0x0000017c <- OK
gpg: DBG: chan_0x0000017c -> GETINFO version
gpg: DBG: chan_0x0000017c <- D 2.3.2
gpg: DBG: chan_0x0000017c <- OK
gpg: DBG: chan_0x0000017c -> OPTION allow-pinentry-notify
gpg: DBG: chan_0x0000017c <- OK
gpg: DBG: chan_0x0000017c -> OPTION agent-awareness=2.1.0
gpg: DBG: chan_0x0000017c <- OK
gpg: DBG: chan_0x0000017c -> OPTION pinentry-mode=loopback
gpg: DBG: chan_0x0000017c <- OK
gpg: DBG: chan_0x0000017c -> GETINFO cmd_has_option GET_PASSPHRASE repeat
gpg: DBG: chan_0x0000017c <- OK
gpg: DBG: chan_0x0000017c -> GETINFO cmd_has_option GET_PASSPHRASE newsymkey
gpg: DBG: chan_0x0000017c <- OK
gpg: DBG: chan_0x0000017c -> GET_PASSPHRASE --data --repeat=0 -- S4A761E66D1E1733B X X Please+enter+the+passphrase+for+decryption.
gpg: DBG: chan_0x0000017c <- S INQUIRE_MAXLEN 255
gpg: DBG: chan_0x0000017c <- INQUIRE PASSPHRASE
gpg: DBG: chan_0x0000017c -> D 123456
gpg: DBG: chan_0x0000017c -> END
gpg: DBG: chan_0x0000017c <- [eof]
gpg: problem with the agent: End of file
gpg: DBG: free_packet() type=3
gpg: DBG: parse_packet(iob=1): type=18 length=70 (new_ctb) (parse./home/wk/b/gnupg/dist/PLAY-release/gnupg-w32-2.3.2/g10/mainproc.c.1550)
gpg: encrypted with 1 passphrase
gpg: decryption failed: Bad session key
gpg: DBG: free_packet() type=18
gpg: DBG: iobuf-1.0: underflow: buffer size: 65536; still buffered: 0 => space for 65536 bytes
gpg: DBG: iobuf-1.0: underflow: A->FILTER (65536 bytes)
gpg: DBG: iobuf-1.0: A->FILTER() returned rc=-1 (EOF), read 0 bytes
gpg: DBG: readme.txt.gpg: close fd/handle 224
gpg: DBG: fd_cache_close (readme.txt.gpg) new slot created
gpg: DBG: iobuf-1.0: close '?'
gpg: DBG: [no clock] stop
gpg: keydb: handles=0 locks=0 parse=0 get=0
gpg:        build=0 update=0 insert=0 delete=0
gpg:        reset=0 found=0 not=0 cache=0 not=0
gpg: kid_not_found_cache: count=0 peak=0 flushes=0
gpg: sig_cache: total=0 cached=0 good=0 bad=0
gpg: objcache: keys=0/0/0 chains=0,0..0 buckets=0/0 attic=0
gpg: objcache: uids=0/0/0 chains=0,0..0 buckets=0/0
gpg: random usage: poolsize=600 mixed=0 polls=0/0 added=0/0
              outmix=0 getlvl1=0/0 getlvl2=0/0
gpg: rndjent stat: collector=0x00000000 calls=0 bytes=0
gpg: secmem usage: 0/32768 bytes in 0 blocks

v.2.2.29 (works fine):

C:\Tools\GnuPG\bin>gpg.exe -d --pinentry-mode loopback --verbose --debug-all readme.txt.gpg
gpg: reading options from 'C:/Tools/GnuPG/home/gpg.conf'
gpg: reading options from '[cmdline]'
gpg: enabled debug flags: packet mpi crypto filter iobuf memory cache memstat trust hashing ipc clock lookup extprog
gpg: DBG: [not enabled in the source] start
gpg: DBG: fd_cache_open (readme.txt.gpg) not cached
gpg: DBG: iobuf-1.0: open 'readme.txt.gpg' desc=file_filter(fd) fd=356
gpg: DBG: iobuf-1.0: underflow: buffer size: 8192; still buffered: 0 => space for 8192 bytes
gpg: DBG: iobuf-1.0: underflow: A->FILTER (8192 bytes)
gpg: DBG: iobuf-1.0: A->FILTER() returned rc=0 (ok), read 87 bytes
gpg: DBG: parse_packet(iob=1): type=3 length=13 (parse./home/wk/b/gnupg-2.2/dist/PLAY-release/gnupg-w32-2.2.29/g10/mainproc.c.1566)
# off=0 ctb=8c tag=3 hlen=2 plen=13
:symkey enc packet: version 4, cipher 9, aead 0,s2k 3, hash 2
	salt 4A761E66D1E1733B, count 48234496 (247)
gpg: AES256.CFB encrypted data
gpg: no running gpg-agent - starting 'C:\Tools\GnuPG\bin\gpg-agent.exe'
gpg: DBG: Using CREATE_BREAKAWAY_FROM_JOB flag
gpg: waiting for the agent to come up ... (5s)
gpg: DBG: chan_0x00000190 <- OK Pleased to meet you
gpg: connection to agent established
gpg: DBG: chan_0x00000190 -> RESET
gpg: DBG: chan_0x00000190 <- OK
gpg: DBG: chan_0x00000190 -> GETINFO version
gpg: DBG: chan_0x00000190 <- D 2.2.29
gpg: DBG: chan_0x00000190 <- OK
gpg: DBG: chan_0x00000190 -> OPTION allow-pinentry-notify
gpg: DBG: chan_0x00000190 <- OK
gpg: DBG: chan_0x00000190 -> OPTION agent-awareness=2.1.0
gpg: DBG: chan_0x00000190 <- OK
gpg: DBG: chan_0x00000190 -> OPTION pinentry-mode=loopback
gpg: DBG: chan_0x00000190 <- OK
gpg: DBG: chan_0x00000190 -> GETINFO cmd_has_option GET_PASSPHRASE repeat
gpg: DBG: chan_0x00000190 <- OK
gpg: DBG: chan_0x00000190 -> GETINFO cmd_has_option GET_PASSPHRASE newsymkey
gpg: DBG: chan_0x00000190 <- OK
gpg: DBG: chan_0x00000190 -> GET_PASSPHRASE --data --repeat=0 -- S4A761E66D1E1733B X X Please+enter+the+passphrase+for+decryption.
gpg: DBG: chan_0x00000190 <- S INQUIRE_MAXLEN 255
gpg: DBG: chan_0x00000190 <- INQUIRE PASSPHRASE
gpg: DBG: chan_0x00000190 -> D 123456
gpg: DBG: chan_0x00000190 -> END
gpg: DBG: chan_0x00000190 <- D 123456
gpg: DBG: chan_0x00000190 <- OK
gpg: DBG: free_packet() type=3
gpg: DBG: parse_packet(iob=1): type=18 length=70 (new_ctb) (parse./home/wk/b/gnupg-2.2/dist/PLAY-release/gnupg-w32-2.2.29/g10/mainproc.c.1566)
# off=15 ctb=d2 tag=18 hlen=2 plen=70 new-ctb
:encrypted data packet:
	length: 70
	mdc_method: 2
gpg: encrypted with 1 passphrase
gpg: DBG: iobuf-1.1: push 'mdc_decode_filter'
gpg: DBG: iobuf chain: 1.1 'mdc_decode_filter' filter_eof=0 start=0 len=0
gpg: DBG: iobuf chain: 1.0 'file_filter(fd)' filter_eof=0 start=36 len=87
gpg: DBG: iobuf-1.1: underflow: buffer size: 8192; still buffered: 0 => space for 8192 bytes
gpg: DBG: iobuf-1.1: underflow: A->FILTER (8192 bytes)
gpg: DBG: iobuf-1.1: A->FILTER() returned rc=0 (ok), read 29 bytes
gpg: DBG: parse_packet(iob=1): type=8 length=0 (parse./home/wk/b/gnupg-2.2/dist/PLAY-release/gnupg-w32-2.2.29/g10/mainproc.c.1566)
# off=36 ctb=a3 tag=8 hlen=1 plen=0 indeterminate
:compressed packet: algo=1
gpg: DBG: iobuf-1.2: push 'compress_filter'
gpg: DBG: iobuf chain: 1.2 'compress_filter' filter_eof=0 start=0 len=0
gpg: DBG: iobuf chain: 1.1 'mdc_decode_filter' filter_eof=0 start=2 len=29
gpg: DBG: iobuf chain: 1.0 'file_filter(fd)' filter_eof=0 start=87 len=87
gpg: DBG: iobuf-1.2: underflow: buffer size: 8192; still buffered: 0 => space for 8192 bytes
gpg: DBG: iobuf-1.2: underflow: A->FILTER (8192 bytes)
gpg: DBG: begin inflate: avail_in=0, avail_out=8192, inbuf=2048
gpg: DBG: iobuf-1.1: underflow: buffer size: 8192; still buffered: 0 => space for 8192 bytes
gpg: DBG: iobuf-1.1: underflow: A->FILTER (8192 bytes)
gpg: DBG: iobuf-1.1: A->FILTER() returned rc=-1 (EOF), read 0 bytes
gpg: DBG: iobuf-1.1: pop in underflow (nothing buffered, got EOF)
gpg: DBG: iobuf chain: 1.0 'file_filter(fd)' filter_eof=0 start=87 len=87
gpg: DBG: enter inflate: avail_in=28, avail_out=8192
gpg: DBG: leave inflate: avail_in=1, avail_out=8167, zrc=1
gpg: DBG: do_uncompress: returning 25 bytes (1 ignored)
gpg: DBG: iobuf-1.2: A->FILTER() returned rc=-1 (EOF), read 25 bytes
gpg: DBG: parse_packet(iob=1): type=11 length=23 (parse./home/wk/b/gnupg-2.2/dist/PLAY-release/gnupg-w32-2.2.29/g10/mainproc.c.1566)
# off=38 ctb=ac tag=11 hlen=2 plen=23
:literal data packet:
	mode b (62), created 1631487134, name="readme.txt",
	raw data: 7 bytes
gpg: original file name='readme.txt'
Test 
gpg: DBG: free_packet() type=11
gpg: DBG: iobuf-1.2: underflow: buffer size: 8192; still buffered: 0 => space for 8192 bytes
gpg: DBG: iobuf-1.2: underflow: eof (pending eof)
gpg: DBG: iobuf-1.2: filter popped (pending EOF returned)
gpg: DBG: iobuf chain: 1.0 'file_filter(fd)' filter_eof=0 start=87 len=87
gpg: DBG: free_packet() type=63
gpg: DBG: free_packet() type=8
gpg: DBG: iobuf-1.0: underflow: buffer size: 8192; still buffered: 0 => space for 8192 bytes
gpg: DBG: iobuf-1.0: underflow: A->FILTER (8192 bytes)
gpg: DBG: iobuf-1.0: A->FILTER() returned rc=-1 (EOF), read 0 bytes
gpg: DBG: readme.txt.gpg: close fd/handle 356
gpg: DBG: fd_cache_close (readme.txt.gpg) new slot created
gpg: decryption okay
gpg: DBG: free_packet() type=18
gpg: DBG: iobuf-1.0: underflow: buffer size: 8192; still buffered: 0 => space for 8192 bytes
gpg: DBG: iobuf-1.0: underflow: eof (pending eof)
gpg: DBG: iobuf-1.0: close '?'
gpg: DBG: [not enabled in the source] stop
gpg: keydb: handles=0 locks=0 parse=0 get=0
gpg:        build=0 update=0 insert=0 delete=0
gpg:        reset=0 found=0 not=0 cache=0 not=0
gpg: kid_not_found_cache: count=0 peak=0 flushes=0
gpg: sig_cache: total=0 cached=0 good=0 bad=0
gpg: random usage: poolsize=600 mixed=0 polls=0/0 added=0/0
              outmix=0 getlvl1=0/0 getlvl2=0/0
gpg: rndjent stat: collector=0x00000000 calls=0 bytes=0
gpg: secmem usage: 64/32768 bytes in 1 blocks
werner triaged this task as High priority.

The breakaway job notices should definitely only be emitted in verbose mode. For the other things I need to check.

gpg: can't connect to the agent: IPC connect call failed

This problem with portable mode in Windows can be solved by creating additional gnupg folder near bin, home, share.
I don't know why, but gpg-agent v2.3.2/2.2.30 in Windows in portable mode creates files S.gpg-agent.* in gnupg, not in home folder. And it doesn't work without gnupg folder.

So, maybe its are separate issues (portable mode gpg: can't connect to the agent and gpg: problem with the agent: End of file).

@ikloecker
Thank you.
So it's a different issue.
Sorry, I was confused because after solving the gpg: can't connect to the agent I instantly got gpg: problem with the agent: End of file.

Key verification: Double Number in the end of fingerprint:
The same problem, as with the portable version.

Microsoft Windows [Version 6.3.9600]
(c) 2013 Microsoft Corporation. Alle Rechte vorbehalten.

C:\Downloads\4>chcp
Aktive Codepage: 65001.

C:\Downloads\4>gpg --version
gpg (GnuPG) 2.2.31
libgcrypt 1.8.8
Copyright (C) 2021 g10 Code GmbH
License GNU GPL-3.0-or-later https://gnu.org/licenses/gpl.html
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: D:/SYNC/gnupg
Unterstützte Verfahren:
Öff. Schlüssel: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Verschlü.: CAST5, AES, AES192, AES256, TWOFISH, CAMELLIA128, CAMELLIA192,

CAMELLIA256

Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Komprimierung: nicht komprimiert, ZIP, ZLIB, BZIP2
gpg (GnuPG) 2.2.31
libgcrypt 1.8.8
Copyright (C) 2021 g10 Code GmbH
License GNU GPL-3.0-or-later https://gnu.org/licenses/gpl.html
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: D:/SYNC/gnupg
Unterstützte Verfahren:
Öff. Schlüssel: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Verschlü.: CAST5, AES, AES192, AES256, TWOFISH, CAMELLIA128, CAMELLIA192,

CAMELLIA256

Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Komprimierung: nicht komprimiert, ZIP, ZLIB, BZIP2

C:\Downloads\4>dir
Datenträger in Laufwerk C: ist Windows 8.1
Volumeseriennummer: 8EFB-A9E0

Verzeichnis von C:\Downloads\4

23.09.2021 02:25 <DIR> .
23.09.2021 02:25 <DIR> ..
22.09.2021 19:54 75.569 derivative.asc
18.09.2021 20:50 2.224.968.192 Whonix-XFCE-16.0.3.1.ova
22.09.2021 16:41 1.020 Whonix-XFCE-16.0.3.1.ova.asc
22.09.2021 16:41 155 Whonix-XFCE-16.0.3.1.sha512sums
22.09.2021 16:41 1.032 Whonix-XFCE-16.0.3.1.sha512sums.asc
22.09.2021 16:41 144 Whonix-XFCE-16.0.3.1.sha512sums.sig

6 Datei(en),  2.225.046.112 Bytes
2 Verzeichnis(se), 314.250.084.352 Bytes frei

C:\Downloads\4>gpg --verify Whonix-XFCE-16.0.3.1.sha512sums.asc
gpg: die unterzeichneten Daten sind wohl in 'Whonix-XFCE-16.0.3.1.sha512sums'
gpg: Signatur vom 18.09.2021 20:50:57 Mitteleurop�ische Sommerzeit
gpg: mittels RSA-Schlüssel 6E979B28A6F37C43BE30AFA1CB8D50BB77BB3C488
gpg: Korrekte Signatur von "Patrick Schleizer <adrelanos@riseup.net>" [unbekannt]
gpg: WARNUNG: Dieser Schlüssel trägt keine vertrauenswürdige Signatur!
r!
gpg: Es gibt keinen Hinweis, daß die Signatur wirklich dem vorgeblichen Besitzer gehört.
.
Haupt-Fingerabdruck = 916B 8D99 C38E AF5E 8ADC 7A2A 8D66 066A 2EEA CCDA
Unter-Fingerabdruck = 6E97 9B28 A6F3 7C43 BE30 AFA1 CB8D 50BB 77BB 3C48

C:\Downloads\4>

The sub-finger print is displayed incorrectly! Doubling the last digit! Here: Number ...3C48»8« at the end of the fingerprint!

gpg: mittels RSA-Schlüssel 6E979B28A6F37C43BE30AFA1CB8D50BB77BB3C488 (Incorrect!!)
Unter-Fingerabdruck = 6E97 9B28 A6F3 7C43 BE30 AFA1 CB8D 50BB 77BB 3C48 (OK)

Sorry, I am not abale to replicate this with standard version of gpg. Hwoever, the portable version only changes the directories and nothing at the output code paths. THus I really wonder what's going on here. Note that the spaces used to indent the "mittels ..." are also missing.

Can you please provide the output of "gpgconf -show-versions"?

Somehow this looks like a bug in gettext or our usage of it. It seems as if the last characters of strings appended to translated texts are sometimes doubled as if the string was built twice, once with 1 or 2 more characters and then overwritten with a slightly shorter string. Very strange.

Hello Mr. Koch,

I have also installed GPG on my notebook (not portable) and see the same output problems at the line end.
Strange characters are also issued in a new line: »r!« and ».«

Here is the output of the command prompt:

Microsoft Windows [Version 6.3.9600]
(c) 2013 Microsoft Corporation. Alle Rechte vorbehalten.

C:\Windows\system32>gpgconf --show-versions

MingW32
Windows 6.3 build 9600

version:1.8.8:10808:1.42:12a00:
cc:80300:gcc:8.3-win32 20190406:
ciphers:arcfour:blowfish:cast5:des:aes:twofish:serpent:rfc2268:seed:camellia:idea:salsa20:gost28147:chacha20:
pubkeys:dsa:elgamal:rsa:ecc:
digests:crc:gostr3411-94::md4:md5:rmd160:sha1:sha256:sha512:sha3:tiger:whirlpool:stribog:blake2:
rnd-mod:w32:
cpu-arch:x86:
mpi-asm:i386/mpih-add1.S:i386/mpih-sub1.S:i386/mpih-mul1.S:i386/mpih-mul2.S:i386/mpih-mul3.S:i386/mpih-lshift.S:i386/mpih-rshift.S:
hwflist:intel-cpu:intel-ssse3:intel-sse4.1:intel-pclmul:intel-rdrand:intel-rdtsc:
fips-mode:n:n:
rng-type:standard:1:2010000:1:

C:\Windows\system32>chcp
Aktive Codepage: 65001.

C:\Windows\system32>gpg --version
gpg (GnuPG) 2.2.31
libgcrypt 1.8.8
Copyright (C) 2021 g10 Code GmbH
License GNU GPL-3.0-or-later https://gnu.org/licenses/gpl.html
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: D:/SYNC/gnupg
Unterstützte Verfahren:
Öff. Schlüssel: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Verschlü.: CAST5, AES, AES192, AES256, TWOFISH, CAMELLIA128, CAMELLIA192,

CAMELLIA256

Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Komprimierung: nicht komprimiert, ZIP, ZLIB, BZIP2

C:\Windows\system32>

That looks all pretty standard. I don't know what's going on. I need to be able to replicate it here.

@rainer: Can you please run one of the failing commands using

gpg ..... 2>somefile

so that we can exclude that the problem is related to the Windws console.

FWIW: In GnuPG 2.3 we are using a thing called string-filter for '%s" in format strings to sanitize the passed value. For example the fingerprint is printed using a "%s".
See https://dev.gnupg.org/source/libgpg-error/browse/master/src/logging.c$708 . But not with gnupg 2.2.

There is also our own gettext implementation - but that thing is used for more than a decade.

@Reiner: Any news; were you able to run the the command with redirection to some file?

Hello Mr. Koch,

The same problem in the CMD with the current version (2.2.32), but the result of the redirection is fine.

C:\test>gpg --verify Whonix-XFCE-16.0.3.1.sha512sums.asc
gpg: die unterzeichneten Daten sind wohl in 'Whonix-XFCE-16.0.3.1.sha512sums'
gpg: Signatur vom 18.09.2021 20:50:57 Mitteleurop�ische Sommerzeit
gpg: mittels RSA-Schlüssel 6E979B28A6F37C43BE30AFA1CB8D50BB77BB3C488
gpg: Korrekte Signatur von "Patrick Schleizer <adrelanos@riseup.net>" [unbekannt]
gpg: WARNUNG: Dieser Schlüssel trägt keine vertrauenswürdige Signatur!
r!
gpg: Es gibt keinen Hinweis, daß die Signatur wirklich dem vorgeblichen Besitzer gehört.
.
Haupt-Fingerabdruck = 916B 8D99 C38E AF5E 8ADC 7A2A 8D66 066A 2EEA CCDA
Unter-Fingerabdruck = 6E97 9B28 A6F3 7C43 BE30 AFA1 CB8D 50BB 77BB 3C48

C:\test>gpg --verify Whonix-XFCE-16.0.3.1.sha512sums.asc 2>Ergebnis.txt

File content of the text file: Ergebnis.txt
gpg: die unterzeichneten Daten sind wohl in 'Whonix-XFCE-16.0.3.1.sha512sums'
gpg: Signatur vom 18.09.2021 20:50:57 Mitteleuropäische Sommerzeit
gpg: mittels RSA-Schlüssel 6E979B28A6F37C43BE30AFA1CB8D50BB77BB3C48
gpg: Korrekte Signatur von "Patrick Schleizer <adrelanos@riseup.net>" [unbekannt]
gpg: WARNUNG: Dieser Schlüssel trägt keine vertrauenswürdige Signatur!
gpg: Es gibt keinen Hinweis, daß die Signatur wirklich dem vorgeblichen Besitzer gehört.
Haupt-Fingerabdruck = 916B 8D99 C38E AF5E 8ADC 7A2A 8D66 066A 2EEA CCDA
Unter-Fingerabdruck = 6E97 9B28 A6F3 7C43 BE30 AFA1 CB8D 50BB 77BB 3C48

The German umlauts (ÄÖÜ + ß) are not the problem.

I think that this is due to support of UTF-8 codepage problem by console.

Let us consider two cases of text (nichtt one and default-keyy one).

Internally, by libgpg-error, write function is called two times to output the texts.

  • "gpg: keydb_search failed: %s\n" with "Agent läuft nicht"
    • once with "gpg: keydb_search failed: Agent läuft nicht"
    • then for newline
  • "Alle für '%s' angegebenen Werte wurden ignoriert\n" with "--default-key"
    • once with "Alle für '--default-key'"
    • then with "' angegebenen Werte wurden ignoriert\n"

This is due to line-buffered output of estream, and how it is handled (when new line char is found, flush, then next).

From here, it's totally my guess.

Suppose that console application does something like:
(1) Firstly, try to output the UTF-8 string as text of 8-bit chars. Output routine returns failure, when some char has no font.
(2) If it fails, next, output the UTF-8 string as UTF-8 multibyte string.

(Note that this is the way we do in ttyio.c:w32_write_console.)

In this case, it might result:

gpg: keydb_search failed: Agent l__uft nicht
gpg: keydb_search failed: Agent läuft nicht

->

gpg: keydb_search failed: Agent läuft nichtt

and

Alle f__r '--default-key
Alle für '--default-key

followed by

' angegebenen Werte wurden ignoriert

->

Alle für '--default-keyy' angegebenen Werte wurden ignoriert