Page MenuHome GnuPG
Create Task
Maniphest T7777

Gpg4win fails to connect to keyboxd on a cold boot
Open, NormalPublic
Actions

Description

On the latest version of Gpg4win, attempting to sign a git commit with my default GPG key results in the shell hanging for around 30 seconds (or up to a minute) until the following error is shown:

> git commit
error: gpg failed to sign the data:
gpg: can't connect to the keyboxd: IPC connect call failed?
gpg: error opening key DB: No Keybox daemon running?
gpg: skipped "MYKEYPUBID": Input/output error?
[GNUPG:] INV_SGNR 0 MYKEYPUBID?
[GNUPG:] FAILURE sign 33587249?
gpg: signing failed: Input/output error?

fatal: failed to write commit object

On my laptop, I can sometimes mitigate this by opening Kleopatra and then immediately closing it, which causes the pinentry screen to appear. However, on my desktop, this usually does not work and the first sign will almost always fail.

From the second sign onward, the pinentry screen will properly show up and I will be able to sign my commit with GPG. Once I have successfully used my GPG key, subsequent invocations will *always* work until I restart my computer. (By subsequent invocations, it includes instances where GPG still allows signing without re-prompting for my password and when the pinentry timeout has been reached and pinentry shows up to prompt me for the password again. Both continue to work until the computer is restarted.)

This affects two different Windows machines that I have. I'm using the following routine to get git to automatically sign my commits with my key.

Details

Version
4.4.1

Event Timeline

ericswpark created this task.Thu, Aug 14, 5:59 AM
werner added a subscriber: werner.Mon, Aug 18, 2:18 PM

The problem is likely the gpg which comes with Git on Windows. Depending on where they are in the %PATH% a wrong one will be used. Please run gpgconf -L to check that the correct version of gnupg is used. I have never used git on Window but I would suggest to remove the gnupg binaries which come with Git and adjust the gpg.exe name in the global config.

The output of gpgconf -L should be alike this:

sysconfdir:C%3a\ProgramData\GNU\etc\gnupg
bindir:C%3a\Program Files (x86)\GnuPG VS-Desktop\GnuPG\bin
libexecdir:C%3a\Program Files (x86)\GnuPG VS-Desktop\GnuPG\bin
libdir:C%3a\Program Files (x86)\GnuPG VS-Desktop\GnuPG\lib\gnupg
datadir:C%3a\Program Files (x86)\GnuPG VS-Desktop\GnuPG\share\gnupg
localedir:C%3a\Program Files (x86)\GnuPG VS-Desktop\GnuPG\share\locale
socketdir:C%3a\Users\dd9jn\AppData\Local\gnupg
dirmngr-socket:C%3a\Users\dd9jn\AppData\Local\gnupg\S.dirmngr
agent-ssh-socket:C%3a\Users\dd9jn\AppData\Local\gnupg\S.gpg-agent.ssh
agent-extra-socket:C%3a\Users\dd9jn\AppData\Local\gnupg\S.gpg-agent.extra
agent-browser-socket:C%3a\Users\dd9jn\AppData\Local\gnupg\S.gpg-agent.browser
agent-socket:C%3a\Users\dd9jn\AppData\Local\gnupg\S.gpg-agent
homedir:C%3a\Users\dd9jn\AppData\Roaming\gnupg
ericswpark added a comment.EditedWed, Aug 20, 6:34 PM

This is addressed in my blog post; I set the GPG executable used by Git in the configuration so that it uses the one shipped with Gpg4win:

git config --global gpg.program "C:\Program Files (x86)\GnuPG\bin\gpg.exe"

Here's the output of my gpgconf -L:

PS C:\Users\ericswpark> gpgconf -L
sysconfdir:C%3a\ProgramData\GNU\etc\gnupg
bindir:C%3a\Program Files (x86)\GnuPG\bin
libexecdir:C%3a\Program Files (x86)\GnuPG\bin
libdir:C%3a\Program Files (x86)\GnuPG\lib\gnupg
datadir:C%3a\Program Files (x86)\GnuPG\share\gnupg
localedir:C%3a\Program Files (x86)\GnuPG\share\locale
socketdir:C%3a\Users\ericswpark\AppData\Local\gnupg
dirmngr-socket:C%3a\Users\ericswpark\AppData\Local\gnupg\S.dirmngr
keyboxd-socket:C%3a\Users\ericswpark\AppData\Local\gnupg\S.keyboxd
agent-ssh-socket:C%3a\Users\ericswpark\AppData\Local\gnupg\S.gpg-agent.ssh
agent-extra-socket:C%3a\Users\ericswpark\AppData\Local\gnupg\S.gpg-agent.extra
agent-browser-socket:C%3a\Users\ericswpark\AppData\Local\gnupg\S.gpg-agent.browser
agent-socket:C%3a\Users\ericswpark\AppData\Local\gnupg\S.gpg-agent
homedir:C%3a\Users\ericswpark\AppData\Roaming\gnupg
ericswpark updated the task description. (Show Details)Wed, Aug 20, 6:39 PM
werner added a comment.Thu, Aug 21, 11:27 AM

Can you please try with gpg4win-5 beta: https://www.gpg4win.org/version5.html this makes it easier for us to see the reason. Deinstall gpg4win first and note that version5 is 64 bit and installed under Program Files (w/o (x86)). If it still does not work please add

debug ipc

to %APPDATA%\gnupg\gpg.conf. This should give more information in the git call. If it works: gpg4win 5 is not too far away.

werner added a project: Info Needed.Mon, Aug 25, 4:36 PM
werner triaged this task as Normal priority.Thu, Sep 4, 9:47 PM

If this is indeed a bug it won't be fixed in gpg4win 4. Thus a test with gpg4win 5 beta is highly appreciated. It would also be interesting to see what what version of gpg comes with Git.