GnuPG: First listing of secret keys is empty
Open, Needs TriagePublic
Actions

Assigned To

None

Authored By

	timegrid
	Fri, Jan 23, 2:14 PM

Description

If no processes are running, listing the secret keys via gpg -K and gpgsm -K will show no results on the first run. It looks like gpg-agent is not started (General Error, no log written for it).

Notes:

Listing the public keys via gpg -k and gpgsm -k does work.
Without keyboxd the first listing works
Might be related to T8012: Missing error on first key search without keyserver
Okular won't find keys on the first signing operation (if no processes were running and the keyring contains only smime certs), this should be tested too, after this is fixed.
Sometimes (every ~10-20 times) I experienced a hang on gpg(sm) -v -K on the first run. Killing keyboxd results in the continuation of the gpg process (without output). More details below.

To reproduce:

Ensure some certificates are in the keyring (e.g. our testcerts: public keys for all pgp/smime , secret keys for ted/edward for pgp/smime, root cert)
Ensure no processes are running: gpgconf -K all
Enter gpg -K twice -> no output on first time

C:\Users\g10>gpgconf -K all

C:\Users\g10>gpg -v -K
gpg: enabled compatibility flags:
gpg: using pgp trust model
gpg: no running keyboxd - starting 'C:\\Program Files\\Gpg4win\\..\\GnuPG\\bin\\keyboxd.exe'

C:\Users\g10>gpg -v -K
gpg: enabled compatibility flags:
gpg: using pgp trust model
gpg: no running gpg-agent - starting 'C:\\Program Files\\Gpg4win\\..\\GnuPG\\bin\\gpg-agent.exe'
[keyboxd]
---------
sec   rsa3072 2023-03-08 [SC]
      11A9C6D06717C4E284960BA906E28F5FB5297489
uid           [ultimate] Edward Tester <Edward.Tester@demo.gnupg.com>
ssb   rsa3072 2023-03-08 [E]
      756613A147108F13282B8B7B037BFD4B2C571A9E

sec   rsa3072 2023-03-08 [SC]
      98111E67AE06F2BEFD2BDE10C5D6C919005F36A4
uid           [ultimate] Ted Tester <Ted.Tester@demo.gnupg.com>
ssb   rsa3072 2023-03-08 [E]
      CC5274CB8072E9778DADD15BCD573B2B0736643A

Ensure no processes are running: gpgconf -K all
Enter gpgsm -K twice -> no output on first time

C:\Users\g10>gpgconf -K all

C:\Users\g10>gpgsm -v -K
gpgsm: enabled compatibility flags:
gpgsm: no running keyboxd - starting 'C:\\Program Files\\Gpg4win\\..\\GnuPG\\bin\\keyboxd.exe'
[keyboxd]
---------

C:\Users\g10>gpgsm -v -K
gpgsm: enabled compatibility flags:
gpgsm: no running gpg-agent - starting 'C:\\Program Files\\Gpg4win\\..\\GnuPG\\bin\\gpg-agent.exe'
[keyboxd]
---------
           ID: 0x8C7DDFC5
          S/N: 4D9528785EE3E701
        (dec): 5590419009903519489
       Issuer: /CN=Root-CA 2020/OU=GnuPG.com/O=g10 Code GmbH/C=DE
       [...]

gpg.log (for gpg -v -K)

2026-01-23 13:53:56 gpg[9104] enabled debug flags: packet mpi crypto filter iobuf memory cache memstat trust hashing ipc recsel clock lookup extprog keydb
[...]
2026-01-23 13:53:56 gpg[9104] no running gpg-agent - starting 'C:\\Program Files\\Gpg4win\\..\\GnuPG\\bin\\gpg-agent.exe'
2026-01-23 13:53:56 gpg[9104] CreateProcess failed: ec=87
2026-01-23 13:53:56 gpg[9104] failed to start gpg-agent 'C:\\Program Files\\Gpg4win\\..\\GnuPG\\bin\\gpg-agent.exe': General error
2026-01-23 13:53:56 gpg[9104] can't connect to the gpg-agent: General error
2026-01-23 13:53:56 gpg[9104] DBG: free_packet() type=6
2026-01-23 13:53:56 gpg[9104] DBG: free_packet() type=13
2026-01-23 13:53:56 gpg[9104] DBG: free_packet() type=2
2026-01-23 13:53:56 gpg[9104] DBG: free_packet() type=2
2026-01-23 13:53:56 gpg[9104] DBG: free_packet() type=14
2026-01-23 13:53:56 gpg[9104] DBG: free_packet() type=2
2026-01-23 13:53:56 gpg[9104] DBG: [no clock] keydb_search enter
2026-01-23 13:53:56 gpg[9104] DBG: keydb_search: 1 search descriptions:
2026-01-23 13:53:56 gpg[9104] DBG: keydb_search   0: NEXT
[...]

gpgsm.log (for gpgsm --server and LISTSECRETKEYS)

2026-01-30 11:15:11 gpgsm[4712] enabled debug flags: x509 mpi crypto memory cache memstat hashing ipc clock lookup
[...]
2026-01-30 11:15:23 gpgsm[4712] DBG: get_keygrip for public key
2026-01-30 11:15:23 gpgsm[4712] DBG: keygrip: 36513eaa2db9bf6cf835cef1dbdc155728089965
2026-01-30 11:15:23 gpgsm[4712] no running gpg-agent - starting 'C:\\Program Files\\GnuPG\\bin\\gpg-agent.exe'
2026-01-30 11:15:23 gpgsm[4712] DBG: chan_0x0000000000000244 -> S PROGRESS starting_agent ? 0 0
2026-01-30 11:15:23 gpgsm[4712] CreateProcess failed: ec=87
2026-01-30 11:15:23 gpgsm[4712] failed to start gpg-agent 'C:\\Program Files\\GnuPG\\bin\\gpg-agent.exe': General error
2026-01-30 11:15:23 gpgsm[4712] can't connect to the gpg-agent: General error
2026-01-30 11:15:23 gpgsm[4712] DBG: [no clock] keydb_release: enter (hd=0x000000000105ebc0)
2026-01-30 11:15:23 gpgsm[4712] DBG: [no clock] close_context (found)
2026-01-30 11:15:23 gpgsm[4712] DBG: [no clock] keydb_release: leave
2026-01-30 11:15:23 gpgsm[4712] DBG: chan_0x0000000000000244 -> ERR 50331725 No agent running <GpgSM>
2026-01-30 11:19:33 gpgsm[4712] DBG: chan_0x0000000000000244 <- LISTSECRETKEYS

Hang

Regarding the hang it seems keyboxd is stuck in a loop:

keyboxd.log (debug-all):

2026-01-23 13:44:21 keyboxd[1236] DBG: chan_0x00000000000001ec -> # Home: C:\Users\g10\AppData\Roaming\gnupg
2026-01-23 13:44:21 keyboxd[1236] DBG: chan_0x00000000000001ec -> # Config: [none]
2026-01-23 13:44:21 keyboxd[1236] DBG: chan_0x00000000000001ec -> OK Keyboxd 2.5.16 at your service, process 1236
2026-01-23 13:44:21 keyboxd[1236] DBG: chan_0x00000000000001ec <- GETINFO pid
2026-01-23 13:44:21 keyboxd[1236] DBG: chan_0x00000000000001ec -> D 1236
2026-01-23 13:44:21 keyboxd[1236] DBG: chan_0x00000000000001ec -> OK
2026-01-23 13:44:21 keyboxd[1236] DBG: chan_0x00000000000001ec <- BYE
2026-01-23 13:44:21 keyboxd[1236] DBG: chan_0x00000000000001ec -> OK closing connection

2026-01-23 13:45:21 keyboxd[1236] DBG: chan_0x00000000000002dc -> # Home: C:\Users\g10\AppData\Roaming\gnupg
2026-01-23 13:45:21 keyboxd[1236] DBG: chan_0x00000000000002dc -> # Config: [none]
2026-01-23 13:45:21 keyboxd[1236] DBG: chan_0x00000000000002dc -> OK Keyboxd 2.5.16 at your service, process 1236
2026-01-23 13:45:21 keyboxd[1236] DBG: chan_0x00000000000002dc <- GETINFO pid
2026-01-23 13:45:21 keyboxd[1236] DBG: chan_0x00000000000002dc -> D 1236
2026-01-23 13:45:21 keyboxd[1236] DBG: chan_0x00000000000002dc -> OK
2026-01-23 13:45:21 keyboxd[1236] DBG: chan_0x00000000000002dc <- BYE
2026-01-23 13:45:21 keyboxd[1236] DBG: chan_0x00000000000002dc -> OK closing connection

2026-01-23 13:46:21 keyboxd[1236] DBG: chan_0x00000000000002d4 -> # Home: C:\Users\g10\AppData\Roaming\gnupg
2026-01-23 13:46:21 keyboxd[1236] DBG: chan_0x00000000000002d4 -> # Config: [none]
2026-01-23 13:46:21 keyboxd[1236] DBG: chan_0x00000000000002d4 -> OK Keyboxd 2.5.16 at your service, process 1236
2026-01-23 13:46:21 keyboxd[1236] DBG: chan_0x00000000000002d4 <- GETINFO pid
2026-01-23 13:46:21 keyboxd[1236] DBG: chan_0x00000000000002d4 -> D 1236
2026-01-23 13:46:21 keyboxd[1236] DBG: chan_0x00000000000002d4 -> OK
2026-01-23 13:46:21 keyboxd[1236] DBG: chan_0x00000000000002d4 <- BYE
2026-01-23 13:46:21 keyboxd[1236] DBG: chan_0x00000000000002d4 -> OK closing connection

[...]

procmon output (filtered by "process name contains keyboxd"):

13:47:42,4841253	keyboxd.exe	1236	CreateFile	C:\Users\g10\AppData\Roaming	SUCCESS	Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened
13:47:42,4841993	keyboxd.exe	1236	QueryDirectory	C:\Users\g10\AppData\Roaming\gnupg	SUCCESS	FileInformationClass: FileBothDirectoryInformation, Filter: gnupg, 2: gnupg
13:47:42,4842612	keyboxd.exe	1236	CloseFile	C:\Users\g10\AppData\Roaming	SUCCESS	

13:47:46,4954717	keyboxd.exe	1236	CreateFile	C:\Users\g10\AppData\Roaming	SUCCESS	Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened
13:47:46,4955659	keyboxd.exe	1236	QueryDirectory	C:\Users\g10\AppData\Roaming\gnupg	SUCCESS	FileInformationClass: FileBothDirectoryInformation, Filter: gnupg, 2: gnupg
13:47:46,4956388	keyboxd.exe	1236	CloseFile	C:\Users\g10\AppData\Roaming	SUCCESS	

13:47:50,5068457	keyboxd.exe	1236	CreateFile	C:\Users\g10\AppData\Roaming	SUCCESS	Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened
13:47:50,5069489	keyboxd.exe	1236	QueryDirectory	C:\Users\g10\AppData\Roaming\gnupg	SUCCESS	FileInformationClass: FileBothDirectoryInformation, Filter: gnupg, 2: gnupg
13:47:50,5070233	keyboxd.exe	1236	CloseFile	C:\Users\g10\AppData\Roaming	SUCCESS	

[...]

Details

Version: gpg4win-5.0.0 @ win11

Related Objects

Mentioned Here: T8053: GpgSM: `log-file` is ignored
T8012: Missing error on first key search without keyserver

Event Timeline

timegrid created this task.Fri, Jan 23, 2:14 PM

timegrid created this object with edit policy "Contributor (Project)".

timegrid added a project: Bug Report.Fri, Jan 23, 2:22 PM

timegrid updated the task description. (Show Details)Fri, Jan 23, 2:43 PM

timegrid mentioned this in Unknown Object (Maniphest Task).Mon, Jan 26, 9:47 AM

To reproduce the hang, a loop will suffice (usually happens within the first 15 times, once it needed 50 runs):

@echo off
set run=1
:DO_WHILE
    echo run %run%
    set /a run+=1
    gpgconf -K all
    gpgsm -K
goto DO_WHILE

pl13 added a subscriber: pl13.Thu, Jan 29, 10:39 AM

I added the gpgsm log output in the description (same error as in the gpg log)