Page MenuHome GnuPG

GPG Portable on USB-Stick - Problems with GnuPG 2.2.30
Open, HighPublic

Description

I use GPG on my USB-Stick as portable Version.

GnuPG 2.2.27 version makes no problems. It works perfect.

GPG is portable if the file »gpgconf.ctl« (0-byte-file) is available in folder »bin«.

After calling gpg.exe, a »home« folder (USB-version) is created instead of »gnupg« folder.

My GPG-Home-Dir (home folder) is complete (with secret and public keys).

The command gpg -k works perfect.

The gpg -K command outputs the following error message:

gpg: Using CREATE_BREAKAWAY_FROM_JOB flag
gpg: can't connect to the agent: IPC "connect" Aufruf fehlgeschlagen
gpg: Using CREATE_BREAKAWAY_FROM_JOB flag
gpg: can't connect to the agent: IPC "connect" Aufruf fehlgeschlagen

It's not possible to sign or encrypt files.
After gpg -esr »Name« Readme.txt

The following error message is output:

Y:\GPG_Portable\bin>gpg -esr »NAME« Y:\README.txt
gpg: Using CREATE_BREAKAWAY_FROM_JOB flag
gpg: can't connect to the agent: IPC "connect" Aufruf fehlgeschlagen
gpg: Using CREATE_BREAKAWAY_FROM_JOB flag
gpg: can't connect to the agent: IPC "connect" Aufruf fehlgeschlagen
gpg: Using CREATE_BREAKAWAY_FROM_JOB flag
gpg: can't connect to the agent: IPC "connect" Aufruf fehlgeschlagen
gpg: Using CREATE_BREAKAWAY_FROM_JOB flag
gpg: can't connect to the agent: IPC "connect" Aufruf fehlgeschlagen
gpg: WARNUNG: "0xABCDEF1234567890" wird nicht als voreingestellter geheimer Schlüssel benutzt: Kein geheimer Schlüsselel
gpg: Alle für '--default-keyy' angegebenen Werte wurden ignoriert
gpg: Using CREATE_BREAKAWAY_FROM_JOB flag
gpg: can't connect to the agent: IPC "connect" Aufruf fehlgeschlagen
gpg: keydb_search failed: Agent läuft nichtt
gpg: no default secret key: Agent läuft nichtt
gpg: Y:\README.txt: sign+encrypt failed: Agent läuft nichtt

--> Spelling mistakes in the german error message: Schlüsselel, --default-keyy, nichtt
--> Name and ID 0xABCDEF1234567890 changed by me.
--> My OS: Windows 8.1 x64 German

Details

Version
GnuPG 2.2.30

Event Timeline

Please show us the output of

gpgconf --list-dirs -v

I wonder about the spelling errors. For particular

 log_info (_("all values passed to '%s' ignored\n"),
           "--default-key");
msgid "all values passed to '%s' ignored\n"
msgstr "Alle für '%s' angegebenen Werte wurden ignoriert\n"

which can't lead to t the doubled 'y' in your transcription. Similar for the Schlüsselei - the last two letters are not from the error message.

Hello Mr. Koch,

Here is the result of gpgconf --list-dirs -v

Microsoft Windows [Version 6.3.9600]
(c) 2013 Microsoft Corporation. Alle Rechte vorbehalten.

Y:\>gpgconf --kill gpg-agent

Y:\>PATH=%cd%\GPG_Portable\bin\

Y:\>gpg --version
gpg (GnuPG) 2.2.30
libgcrypt 1.8.8
Copyright (C) 2021 g10 Code GmbH
License GNU GPL-3.0-or-later https://gnu.org/licenses/gpl.html
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: Y:/GPG_Portable/home
Unterstützte Verfahren:
Öff. Schlüssel: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Verschlü.: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,

CAMELLIA128, CAMELLIA192, CAMELLIA256

Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Komprimierung: nicht komprimiert, ZIP, ZLIB, BZIP2
gpg (GnuPG) 2.2.30
libgcrypt 1.8.8
Copyright (C) 2021 g10 Code GmbH
License GNU GPL-3.0-or-later https://gnu.org/licenses/gpl.html
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: Y:/GPG_Portable/home
Unterstützte Verfahren:
Öff. Schlüssel: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Verschlü.: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,

CAMELLIA128, CAMELLIA192, CAMELLIA256

Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Komprimierung: nicht komprimiert, ZIP, ZLIB, BZIP2

Y:\>gpgconf --list-dirs -v
sysconfdir:Y%3a\GPG_Portable\etc\gnupg
bindir:Y%3a\GPG_Portable\bin
libexecdir:Y%3a\GPG_Portable\bin
libdir:Y%3a\GPG_Portable\lib\gnupg
datadir:Y%3a\GPG_Portable\share\gnupg
localedir:Y%3a\GPG_Portable\share\locale
socketdir:Y%3a\GPG_Portable\gnupg
dirmngr-socket:Y%3a\GPG_Portable\gnupg\S.dirmngr
agent-ssh-socket:Y%3a\GPG_Portable\gnupg\S.gpg-agent.ssh
agent-extra-socket:Y%3a\GPG_Portable\gnupg\S.gpg-agent.extra
agent-browser-socket:Y%3a\GPG_Portable\gnupg\S.gpg-agent.browser
agent-socket:Y%3a\GPG_Portable\gnupg\S.gpg-agent
homedir:Y%3a\GPG_Portable\home
gpgconf: Warning: homedir taken from registry key (Software\GNU\GnuPG:HomeDir) in HKCU

Y:\>gpg -k

Y:/GPG_Portable/home/pubring.kbx

pub rsa2048 2017-10-18 [SC]

4D34A9885851F3F662E7730719BE9AE0078CE7E0

uid [ unbekannt ] Testx Testy <test@test.de>
sub rsa2048 2017-10-18 [E]

Y:\>gpg -K
gpg: Using CREATE_BREAKAWAY_FROM_JOB flag
gpg: can't connect to the agent: IPC "connect" Aufruf fehlgeschlagen

Y:\>gpg -esr Testx README.txt
gpg: Using CREATE_BREAKAWAY_FROM_JOB flag
gpg: can't connect to the agent: IPC "connect" Aufruf fehlgeschlagen
gpg: Using CREATE_BREAKAWAY_FROM_JOB flag
gpg: can't connect to the agent: IPC "connect" Aufruf fehlgeschlagen
gpg: keydb_search failed: Agent läuft nichtt
gpg: no default secret key: Agent läuft nichtt
gpg: README.txt: sign+encrypt failed: Agent läuft nichtt

Y:\>REM Testschlüssel installiert, ohne gpgconf und gpg-agent.conf

Y:\>REM Komplette Ansicht ohne Kürzung oder Veränderung!

Y:\>

--> Again: Double letters. »nichtt«

The same problem. Portable mode is completely broken in v2.3.2 and v2.2.30 on Windows.

We will look into it but nevertheless I have to remark that this this portable thing is dangerous to use and you should avoid it.

I'm not sure that the portable mode is a culprit here.
Something is very wrong with gpg-agent/pinentry.
Even symmetric decryption doesn't work in 2.3.2/2.2.30:

C:\Tools\GnuPG\bin>gpg.exe -c README.txt
gpg: Using CREATE_BREAKAWAY_FROM_JOB flag
gpg: AllowSetForegroundWindow(9700) failed: Access is denied.
gpg: AllowSetForegroundWindow(912) failed: Access is denied.

C:\Tools\GnuPG\bin>gpgconf --kill gpg-agent

C:\Tools\GnuPG\bin>gpg.exe -d README.txt.gpg
gpg: AES256.CFB encrypted data
gpg: Using CREATE_BREAKAWAY_FROM_JOB flag
gpg: problem with the agent: End of file
gpg: encrypted with 1 passphrase
gpg: decryption failed: Bad session key

With --pinentry-mode loopback the same problem:

C:\Tools\GnuPG\bin>gpg.exe -c --pinentry-mode loopback README.txt
gpg: Using CREATE_BREAKAWAY_FROM_JOB flag

C:\Tools\GnuPG\bin>gpgconf --kill gpg-agent

C:\Tools\GnuPG\bin>gpg.exe -d  --pinentry-mode loopback README.txt.gpg
gpg: AES256.CFB encrypted data
gpg: Using CREATE_BREAKAWAY_FROM_JOB flag
gpg: problem with the agent: End of file
gpg: encrypted with 1 passphrase
gpg: decryption failed: Bad session key

Few more logs from 2.3.2 and 2.2.29 (for comparison):

v2.3.2

C:\Tools\GPG\bin>gpg.exe -d --pinentry-mode loopback --verbose --debug-all readme.txt.gpg
gpg: reading options from '[cmdline]'
gpg: Note: RFC4880bis features are enabled.
gpg: enabled debug flags: packet mpi crypto filter iobuf memory cache memstat trust hashing ipc clock lookup extprog
gpg: DBG: [no clock] start
gpg: DBG: fd_cache_open (readme.txt.gpg) not cached
gpg: DBG: iobuf-1.0: open 'readme.txt.gpg' desc=file_filter(fd) fd=224
gpg: DBG: iobuf-1.0: underflow: buffer size: 65536; still buffered: 0 => space for 65536 bytes
gpg: DBG: iobuf-1.0: underflow: A->FILTER (65536 bytes)
gpg: DBG: iobuf-1.0: A->FILTER() returned rc=0 (ok), read 87 bytes
gpg: DBG: parse_packet(iob=1): type=3 length=13 (parse./home/wk/b/gnupg/dist/PLAY-release/gnupg-w32-2.3.2/g10/mainproc.c.1550)
gpg: AES256.CFB encrypted data
gpg: no running gpg-agent - starting 'C:\\Tools\\GPG\\bin\\gpg-agent.exe'
gpg: Using CREATE_BREAKAWAY_FROM_JOB flag
gpg: waiting for the agent to come up ... (5s)
gpg: DBG: chan_0x0000017c <- OK Pleased to meet you
gpg: connection to the agent established
gpg: DBG: chan_0x0000017c -> RESET
gpg: DBG: chan_0x0000017c <- OK
gpg: DBG: chan_0x0000017c -> GETINFO version
gpg: DBG: chan_0x0000017c <- D 2.3.2
gpg: DBG: chan_0x0000017c <- OK
gpg: DBG: chan_0x0000017c -> OPTION allow-pinentry-notify
gpg: DBG: chan_0x0000017c <- OK
gpg: DBG: chan_0x0000017c -> OPTION agent-awareness=2.1.0
gpg: DBG: chan_0x0000017c <- OK
gpg: DBG: chan_0x0000017c -> OPTION pinentry-mode=loopback
gpg: DBG: chan_0x0000017c <- OK
gpg: DBG: chan_0x0000017c -> GETINFO cmd_has_option GET_PASSPHRASE repeat
gpg: DBG: chan_0x0000017c <- OK
gpg: DBG: chan_0x0000017c -> GETINFO cmd_has_option GET_PASSPHRASE newsymkey
gpg: DBG: chan_0x0000017c <- OK
gpg: DBG: chan_0x0000017c -> GET_PASSPHRASE --data --repeat=0 -- S4A761E66D1E1733B X X Please+enter+the+passphrase+for+decryption.
gpg: DBG: chan_0x0000017c <- S INQUIRE_MAXLEN 255
gpg: DBG: chan_0x0000017c <- INQUIRE PASSPHRASE
gpg: DBG: chan_0x0000017c -> D 123456
gpg: DBG: chan_0x0000017c -> END
gpg: DBG: chan_0x0000017c <- [eof]
gpg: problem with the agent: End of file
gpg: DBG: free_packet() type=3
gpg: DBG: parse_packet(iob=1): type=18 length=70 (new_ctb) (parse./home/wk/b/gnupg/dist/PLAY-release/gnupg-w32-2.3.2/g10/mainproc.c.1550)
gpg: encrypted with 1 passphrase
gpg: decryption failed: Bad session key
gpg: DBG: free_packet() type=18
gpg: DBG: iobuf-1.0: underflow: buffer size: 65536; still buffered: 0 => space for 65536 bytes
gpg: DBG: iobuf-1.0: underflow: A->FILTER (65536 bytes)
gpg: DBG: iobuf-1.0: A->FILTER() returned rc=-1 (EOF), read 0 bytes
gpg: DBG: readme.txt.gpg: close fd/handle 224
gpg: DBG: fd_cache_close (readme.txt.gpg) new slot created
gpg: DBG: iobuf-1.0: close '?'
gpg: DBG: [no clock] stop
gpg: keydb: handles=0 locks=0 parse=0 get=0
gpg:        build=0 update=0 insert=0 delete=0
gpg:        reset=0 found=0 not=0 cache=0 not=0
gpg: kid_not_found_cache: count=0 peak=0 flushes=0
gpg: sig_cache: total=0 cached=0 good=0 bad=0
gpg: objcache: keys=0/0/0 chains=0,0..0 buckets=0/0 attic=0
gpg: objcache: uids=0/0/0 chains=0,0..0 buckets=0/0
gpg: random usage: poolsize=600 mixed=0 polls=0/0 added=0/0
              outmix=0 getlvl1=0/0 getlvl2=0/0
gpg: rndjent stat: collector=0x00000000 calls=0 bytes=0
gpg: secmem usage: 0/32768 bytes in 0 blocks

v.2.2.29 (works fine):

C:\Tools\GnuPG\bin>gpg.exe -d --pinentry-mode loopback --verbose --debug-all readme.txt.gpg
gpg: reading options from 'C:/Tools/GnuPG/home/gpg.conf'
gpg: reading options from '[cmdline]'
gpg: enabled debug flags: packet mpi crypto filter iobuf memory cache memstat trust hashing ipc clock lookup extprog
gpg: DBG: [not enabled in the source] start
gpg: DBG: fd_cache_open (readme.txt.gpg) not cached
gpg: DBG: iobuf-1.0: open 'readme.txt.gpg' desc=file_filter(fd) fd=356
gpg: DBG: iobuf-1.0: underflow: buffer size: 8192; still buffered: 0 => space for 8192 bytes
gpg: DBG: iobuf-1.0: underflow: A->FILTER (8192 bytes)
gpg: DBG: iobuf-1.0: A->FILTER() returned rc=0 (ok), read 87 bytes
gpg: DBG: parse_packet(iob=1): type=3 length=13 (parse./home/wk/b/gnupg-2.2/dist/PLAY-release/gnupg-w32-2.2.29/g10/mainproc.c.1566)
# off=0 ctb=8c tag=3 hlen=2 plen=13
:symkey enc packet: version 4, cipher 9, aead 0,s2k 3, hash 2
	salt 4A761E66D1E1733B, count 48234496 (247)
gpg: AES256.CFB encrypted data
gpg: no running gpg-agent - starting 'C:\Tools\GnuPG\bin\gpg-agent.exe'
gpg: DBG: Using CREATE_BREAKAWAY_FROM_JOB flag
gpg: waiting for the agent to come up ... (5s)
gpg: DBG: chan_0x00000190 <- OK Pleased to meet you
gpg: connection to agent established
gpg: DBG: chan_0x00000190 -> RESET
gpg: DBG: chan_0x00000190 <- OK
gpg: DBG: chan_0x00000190 -> GETINFO version
gpg: DBG: chan_0x00000190 <- D 2.2.29
gpg: DBG: chan_0x00000190 <- OK
gpg: DBG: chan_0x00000190 -> OPTION allow-pinentry-notify
gpg: DBG: chan_0x00000190 <- OK
gpg: DBG: chan_0x00000190 -> OPTION agent-awareness=2.1.0
gpg: DBG: chan_0x00000190 <- OK
gpg: DBG: chan_0x00000190 -> OPTION pinentry-mode=loopback
gpg: DBG: chan_0x00000190 <- OK
gpg: DBG: chan_0x00000190 -> GETINFO cmd_has_option GET_PASSPHRASE repeat
gpg: DBG: chan_0x00000190 <- OK
gpg: DBG: chan_0x00000190 -> GETINFO cmd_has_option GET_PASSPHRASE newsymkey
gpg: DBG: chan_0x00000190 <- OK
gpg: DBG: chan_0x00000190 -> GET_PASSPHRASE --data --repeat=0 -- S4A761E66D1E1733B X X Please+enter+the+passphrase+for+decryption.
gpg: DBG: chan_0x00000190 <- S INQUIRE_MAXLEN 255
gpg: DBG: chan_0x00000190 <- INQUIRE PASSPHRASE
gpg: DBG: chan_0x00000190 -> D 123456
gpg: DBG: chan_0x00000190 -> END
gpg: DBG: chan_0x00000190 <- D 123456
gpg: DBG: chan_0x00000190 <- OK
gpg: DBG: free_packet() type=3
gpg: DBG: parse_packet(iob=1): type=18 length=70 (new_ctb) (parse./home/wk/b/gnupg-2.2/dist/PLAY-release/gnupg-w32-2.2.29/g10/mainproc.c.1566)
# off=15 ctb=d2 tag=18 hlen=2 plen=70 new-ctb
:encrypted data packet:
	length: 70
	mdc_method: 2
gpg: encrypted with 1 passphrase
gpg: DBG: iobuf-1.1: push 'mdc_decode_filter'
gpg: DBG: iobuf chain: 1.1 'mdc_decode_filter' filter_eof=0 start=0 len=0
gpg: DBG: iobuf chain: 1.0 'file_filter(fd)' filter_eof=0 start=36 len=87
gpg: DBG: iobuf-1.1: underflow: buffer size: 8192; still buffered: 0 => space for 8192 bytes
gpg: DBG: iobuf-1.1: underflow: A->FILTER (8192 bytes)
gpg: DBG: iobuf-1.1: A->FILTER() returned rc=0 (ok), read 29 bytes
gpg: DBG: parse_packet(iob=1): type=8 length=0 (parse./home/wk/b/gnupg-2.2/dist/PLAY-release/gnupg-w32-2.2.29/g10/mainproc.c.1566)
# off=36 ctb=a3 tag=8 hlen=1 plen=0 indeterminate
:compressed packet: algo=1
gpg: DBG: iobuf-1.2: push 'compress_filter'
gpg: DBG: iobuf chain: 1.2 'compress_filter' filter_eof=0 start=0 len=0
gpg: DBG: iobuf chain: 1.1 'mdc_decode_filter' filter_eof=0 start=2 len=29
gpg: DBG: iobuf chain: 1.0 'file_filter(fd)' filter_eof=0 start=87 len=87
gpg: DBG: iobuf-1.2: underflow: buffer size: 8192; still buffered: 0 => space for 8192 bytes
gpg: DBG: iobuf-1.2: underflow: A->FILTER (8192 bytes)
gpg: DBG: begin inflate: avail_in=0, avail_out=8192, inbuf=2048
gpg: DBG: iobuf-1.1: underflow: buffer size: 8192; still buffered: 0 => space for 8192 bytes
gpg: DBG: iobuf-1.1: underflow: A->FILTER (8192 bytes)
gpg: DBG: iobuf-1.1: A->FILTER() returned rc=-1 (EOF), read 0 bytes
gpg: DBG: iobuf-1.1: pop in underflow (nothing buffered, got EOF)
gpg: DBG: iobuf chain: 1.0 'file_filter(fd)' filter_eof=0 start=87 len=87
gpg: DBG: enter inflate: avail_in=28, avail_out=8192
gpg: DBG: leave inflate: avail_in=1, avail_out=8167, zrc=1
gpg: DBG: do_uncompress: returning 25 bytes (1 ignored)
gpg: DBG: iobuf-1.2: A->FILTER() returned rc=-1 (EOF), read 25 bytes
gpg: DBG: parse_packet(iob=1): type=11 length=23 (parse./home/wk/b/gnupg-2.2/dist/PLAY-release/gnupg-w32-2.2.29/g10/mainproc.c.1566)
# off=38 ctb=ac tag=11 hlen=2 plen=23
:literal data packet:
	mode b (62), created 1631487134, name="readme.txt",
	raw data: 7 bytes
gpg: original file name='readme.txt'
Test 
gpg: DBG: free_packet() type=11
gpg: DBG: iobuf-1.2: underflow: buffer size: 8192; still buffered: 0 => space for 8192 bytes
gpg: DBG: iobuf-1.2: underflow: eof (pending eof)
gpg: DBG: iobuf-1.2: filter popped (pending EOF returned)
gpg: DBG: iobuf chain: 1.0 'file_filter(fd)' filter_eof=0 start=87 len=87
gpg: DBG: free_packet() type=63
gpg: DBG: free_packet() type=8
gpg: DBG: iobuf-1.0: underflow: buffer size: 8192; still buffered: 0 => space for 8192 bytes
gpg: DBG: iobuf-1.0: underflow: A->FILTER (8192 bytes)
gpg: DBG: iobuf-1.0: A->FILTER() returned rc=-1 (EOF), read 0 bytes
gpg: DBG: readme.txt.gpg: close fd/handle 356
gpg: DBG: fd_cache_close (readme.txt.gpg) new slot created
gpg: decryption okay
gpg: DBG: free_packet() type=18
gpg: DBG: iobuf-1.0: underflow: buffer size: 8192; still buffered: 0 => space for 8192 bytes
gpg: DBG: iobuf-1.0: underflow: eof (pending eof)
gpg: DBG: iobuf-1.0: close '?'
gpg: DBG: [not enabled in the source] stop
gpg: keydb: handles=0 locks=0 parse=0 get=0
gpg:        build=0 update=0 insert=0 delete=0
gpg:        reset=0 found=0 not=0 cache=0 not=0
gpg: kid_not_found_cache: count=0 peak=0 flushes=0
gpg: sig_cache: total=0 cached=0 good=0 bad=0
gpg: random usage: poolsize=600 mixed=0 polls=0/0 added=0/0
              outmix=0 getlvl1=0/0 getlvl2=0/0
gpg: rndjent stat: collector=0x00000000 calls=0 bytes=0
gpg: secmem usage: 64/32768 bytes in 1 blocks
werner triaged this task as High priority.

The breakaway job notices should definitely only be emitted in verbose mode. For the other things I need to check.

gpg: can't connect to the agent: IPC connect call failed

This problem with portable mode in Windows can be solved by creating additional gnupg folder near bin, home, share.
I don't know why, but gpg-agent v2.3.2/2.2.30 in Windows in portable mode creates files S.gpg-agent.* in gnupg, not in home folder. And it doesn't work without gnupg folder.

So, maybe its are separate issues (portable mode gpg: can't connect to the agent and gpg: problem with the agent: End of file).

@ikloecker
Thank you.
So it's a different issue.
Sorry, I was confused because after solving the gpg: can't connect to the agent I instantly got gpg: problem with the agent: End of file.