Page MenuHome GnuPG
Create Task
Maniphest T8052

GnuPG: First listing of secret keys is empty
Closed, ResolvedPublic
Actions

Description

If no processes are running, listing the secret keys via gpg -K and gpgsm -K will show no results on the first run. It looks like gpg-agent is not started (General Error, no log written for it).

Notes:

  • Listing the public keys via gpg -k and gpgsm -k does work.
  • Without keyboxd the first listing works
  • Might be related to T8012: Missing error on first key search without keyserver
  • Okular won't find keys on the first signing operation (if no processes were running and the keyring contains only smime certs), this should be tested too, after this is fixed.
  • Sometimes (every ~10-20 times) I experienced a hang on gpg(sm) -v -K on the first run. Killing keyboxd results in the continuation of the gpg process (without output). More details below.

To reproduce:

  1. Ensure some certificates are in the keyring (e.g. our testcerts: public keys for all pgp/smime , secret keys for ted/edward for pgp/smime, root cert)
  2. Ensure no processes are running: gpgconf -K all
  3. Enter gpg -K twice -> no output on first time
C:\Users\g10>gpgconf -K all

C:\Users\g10>gpg -v -K
gpg: enabled compatibility flags:
gpg: using pgp trust model
gpg: no running keyboxd - starting 'C:\\Program Files\\Gpg4win\\..\\GnuPG\\bin\\keyboxd.exe'

C:\Users\g10>gpg -v -K
gpg: enabled compatibility flags:
gpg: using pgp trust model
gpg: no running gpg-agent - starting 'C:\\Program Files\\Gpg4win\\..\\GnuPG\\bin\\gpg-agent.exe'
[keyboxd]
---------
sec   rsa3072 2023-03-08 [SC]
      11A9C6D06717C4E284960BA906E28F5FB5297489
uid           [ultimate] Edward Tester <Edward.Tester@demo.gnupg.com>
ssb   rsa3072 2023-03-08 [E]
      756613A147108F13282B8B7B037BFD4B2C571A9E

sec   rsa3072 2023-03-08 [SC]
      98111E67AE06F2BEFD2BDE10C5D6C919005F36A4
uid           [ultimate] Ted Tester <Ted.Tester@demo.gnupg.com>
ssb   rsa3072 2023-03-08 [E]
      CC5274CB8072E9778DADD15BCD573B2B0736643A
  1. Ensure no processes are running: gpgconf -K all
  2. Enter gpgsm -K twice -> no output on first time
C:\Users\g10>gpgconf -K all

C:\Users\g10>gpgsm -v -K
gpgsm: enabled compatibility flags:
gpgsm: no running keyboxd - starting 'C:\\Program Files\\Gpg4win\\..\\GnuPG\\bin\\keyboxd.exe'
[keyboxd]
---------

C:\Users\g10>gpgsm -v -K
gpgsm: enabled compatibility flags:
gpgsm: no running gpg-agent - starting 'C:\\Program Files\\Gpg4win\\..\\GnuPG\\bin\\gpg-agent.exe'
[keyboxd]
---------
           ID: 0x8C7DDFC5
          S/N: 4D9528785EE3E701
        (dec): 5590419009903519489
       Issuer: /CN=Root-CA 2020/OU=GnuPG.com/O=g10 Code GmbH/C=DE
       [...]

gpg.log (for gpg -v -K)

2026-01-23 13:53:56 gpg[9104] enabled debug flags: packet mpi crypto filter iobuf memory cache memstat trust hashing ipc recsel clock lookup extprog keydb
[...]
2026-01-23 13:53:56 gpg[9104] no running gpg-agent - starting 'C:\\Program Files\\Gpg4win\\..\\GnuPG\\bin\\gpg-agent.exe'
2026-01-23 13:53:56 gpg[9104] CreateProcess failed: ec=87
2026-01-23 13:53:56 gpg[9104] failed to start gpg-agent 'C:\\Program Files\\Gpg4win\\..\\GnuPG\\bin\\gpg-agent.exe': General error
2026-01-23 13:53:56 gpg[9104] can't connect to the gpg-agent: General error
2026-01-23 13:53:56 gpg[9104] DBG: free_packet() type=6
2026-01-23 13:53:56 gpg[9104] DBG: free_packet() type=13
2026-01-23 13:53:56 gpg[9104] DBG: free_packet() type=2
2026-01-23 13:53:56 gpg[9104] DBG: free_packet() type=2
2026-01-23 13:53:56 gpg[9104] DBG: free_packet() type=14
2026-01-23 13:53:56 gpg[9104] DBG: free_packet() type=2
2026-01-23 13:53:56 gpg[9104] DBG: [no clock] keydb_search enter
2026-01-23 13:53:56 gpg[9104] DBG: keydb_search: 1 search descriptions:
2026-01-23 13:53:56 gpg[9104] DBG: keydb_search   0: NEXT
[...]

gpgsm.log (for gpgsm --server and LISTSECRETKEYS)

2026-01-30 11:15:11 gpgsm[4712] enabled debug flags: x509 mpi crypto memory cache memstat hashing ipc clock lookup
[...]
2026-01-30 11:15:23 gpgsm[4712] DBG: get_keygrip for public key
2026-01-30 11:15:23 gpgsm[4712] DBG: keygrip: 36513eaa2db9bf6cf835cef1dbdc155728089965
2026-01-30 11:15:23 gpgsm[4712] no running gpg-agent - starting 'C:\\Program Files\\GnuPG\\bin\\gpg-agent.exe'
2026-01-30 11:15:23 gpgsm[4712] DBG: chan_0x0000000000000244 -> S PROGRESS starting_agent ? 0 0
2026-01-30 11:15:23 gpgsm[4712] CreateProcess failed: ec=87
2026-01-30 11:15:23 gpgsm[4712] failed to start gpg-agent 'C:\\Program Files\\GnuPG\\bin\\gpg-agent.exe': General error
2026-01-30 11:15:23 gpgsm[4712] can't connect to the gpg-agent: General error
2026-01-30 11:15:23 gpgsm[4712] DBG: [no clock] keydb_release: enter (hd=0x000000000105ebc0)
2026-01-30 11:15:23 gpgsm[4712] DBG: [no clock] close_context (found)
2026-01-30 11:15:23 gpgsm[4712] DBG: [no clock] keydb_release: leave
2026-01-30 11:15:23 gpgsm[4712] DBG: chan_0x0000000000000244 -> ERR 50331725 No agent running <GpgSM>
2026-01-30 11:19:33 gpgsm[4712] DBG: chan_0x0000000000000244 <- LISTSECRETKEYS
Hang

Regarding the hang it seems keyboxd is stuck in a loop:

keyboxd.log (debug-all):

2026-01-23 13:44:21 keyboxd[1236] DBG: chan_0x00000000000001ec -> # Home: C:\Users\g10\AppData\Roaming\gnupg
2026-01-23 13:44:21 keyboxd[1236] DBG: chan_0x00000000000001ec -> # Config: [none]
2026-01-23 13:44:21 keyboxd[1236] DBG: chan_0x00000000000001ec -> OK Keyboxd 2.5.16 at your service, process 1236
2026-01-23 13:44:21 keyboxd[1236] DBG: chan_0x00000000000001ec <- GETINFO pid
2026-01-23 13:44:21 keyboxd[1236] DBG: chan_0x00000000000001ec -> D 1236
2026-01-23 13:44:21 keyboxd[1236] DBG: chan_0x00000000000001ec -> OK
2026-01-23 13:44:21 keyboxd[1236] DBG: chan_0x00000000000001ec <- BYE
2026-01-23 13:44:21 keyboxd[1236] DBG: chan_0x00000000000001ec -> OK closing connection

2026-01-23 13:45:21 keyboxd[1236] DBG: chan_0x00000000000002dc -> # Home: C:\Users\g10\AppData\Roaming\gnupg
2026-01-23 13:45:21 keyboxd[1236] DBG: chan_0x00000000000002dc -> # Config: [none]
2026-01-23 13:45:21 keyboxd[1236] DBG: chan_0x00000000000002dc -> OK Keyboxd 2.5.16 at your service, process 1236
2026-01-23 13:45:21 keyboxd[1236] DBG: chan_0x00000000000002dc <- GETINFO pid
2026-01-23 13:45:21 keyboxd[1236] DBG: chan_0x00000000000002dc -> D 1236
2026-01-23 13:45:21 keyboxd[1236] DBG: chan_0x00000000000002dc -> OK
2026-01-23 13:45:21 keyboxd[1236] DBG: chan_0x00000000000002dc <- BYE
2026-01-23 13:45:21 keyboxd[1236] DBG: chan_0x00000000000002dc -> OK closing connection

2026-01-23 13:46:21 keyboxd[1236] DBG: chan_0x00000000000002d4 -> # Home: C:\Users\g10\AppData\Roaming\gnupg
2026-01-23 13:46:21 keyboxd[1236] DBG: chan_0x00000000000002d4 -> # Config: [none]
2026-01-23 13:46:21 keyboxd[1236] DBG: chan_0x00000000000002d4 -> OK Keyboxd 2.5.16 at your service, process 1236
2026-01-23 13:46:21 keyboxd[1236] DBG: chan_0x00000000000002d4 <- GETINFO pid
2026-01-23 13:46:21 keyboxd[1236] DBG: chan_0x00000000000002d4 -> D 1236
2026-01-23 13:46:21 keyboxd[1236] DBG: chan_0x00000000000002d4 -> OK
2026-01-23 13:46:21 keyboxd[1236] DBG: chan_0x00000000000002d4 <- BYE
2026-01-23 13:46:21 keyboxd[1236] DBG: chan_0x00000000000002d4 -> OK closing connection

[...]

procmon output (filtered by "process name contains keyboxd"):

13:47:42,4841253	keyboxd.exe	1236	CreateFile	C:\Users\g10\AppData\Roaming	SUCCESS	Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened
13:47:42,4841993	keyboxd.exe	1236	QueryDirectory	C:\Users\g10\AppData\Roaming\gnupg	SUCCESS	FileInformationClass: FileBothDirectoryInformation, Filter: gnupg, 2: gnupg
13:47:42,4842612	keyboxd.exe	1236	CloseFile	C:\Users\g10\AppData\Roaming	SUCCESS	

13:47:46,4954717	keyboxd.exe	1236	CreateFile	C:\Users\g10\AppData\Roaming	SUCCESS	Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened
13:47:46,4955659	keyboxd.exe	1236	QueryDirectory	C:\Users\g10\AppData\Roaming\gnupg	SUCCESS	FileInformationClass: FileBothDirectoryInformation, Filter: gnupg, 2: gnupg
13:47:46,4956388	keyboxd.exe	1236	CloseFile	C:\Users\g10\AppData\Roaming	SUCCESS	

13:47:50,5068457	keyboxd.exe	1236	CreateFile	C:\Users\g10\AppData\Roaming	SUCCESS	Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened
13:47:50,5069489	keyboxd.exe	1236	QueryDirectory	C:\Users\g10\AppData\Roaming\gnupg	SUCCESS	FileInformationClass: FileBothDirectoryInformation, Filter: gnupg, 2: gnupg
13:47:50,5070233	keyboxd.exe	1236	CloseFile	C:\Users\g10\AppData\Roaming	SUCCESS	

[...]

Details

Version
gpg4win-5.0.0 @ win11

Revisions and Commits

rE libgpg-error
rE97c0106a9a77 spawn:w32: Fix with GPGRT_PROCESS_*_KEEP flags.
rEce261e592b3b spawn:w32: Fix preparing the environment block.

Related Objects

Event Timeline

timegrid created this task.Jan 23 2026, 2:14 PM
timegrid created this object with edit policy "Contributor (Project)".
timegrid added a project: Bug Report.Jan 23 2026, 2:22 PM
timegrid updated the task description. (Show Details)Jan 23 2026, 2:43 PM
timegrid mentioned this in Unknown Object (Maniphest Task).Jan 26 2026, 9:47 AM
timegrid added a comment.Jan 26 2026, 11:39 AM

To reproduce the hang, a loop will suffice (usually happens within the first 15 times, once it needed 50 runs):

@echo off
set run=1
:DO_WHILE
    echo run %run%
    set /a run+=1
    gpgconf -K all
    gpgsm -K
goto DO_WHILE
pl13 added a subscriber: pl13.Jan 29 2026, 10:39 AM
timegrid updated the task description. (Show Details)EditedJan 30 2026, 11:23 AM

I added the gpgsm log output in the description (same error as in the gpg log)

gniibe claimed this task.Feb 4 2026, 7:21 AM
gniibe added a project: gpgrt.
gniibe added a subscriber: gniibe.

I found two issues in libgpg-error for spawning functions.

  • It may have an issue of (a kind of) race condition; when parent goes first, child process spawning failed when GPGRT_PROCESS_*_KEEP is used.
  • environment block may be wrong.

I'm going to fix those changes.

With the first bug above, gpg -K could go wrong, firstly invoking keyboxd and secondly invoking gpg-agent; the first invocation wrongly close stderr and because of this, second gpg-agent could fail.

gniibe added a commit: rEce261e592b3b: spawn:w32: Fix preparing the environment block..Feb 4 2026, 7:26 AM
gniibe added a commit: rE97c0106a9a77: spawn:w32: Fix with GPGRT_PROCESS_*_KEEP flags..
gniibe mentioned this in Unknown Object (Maniphest Task).Feb 9 2026, 7:37 AM
werner mentioned this in T7974: Release GpgRT 1.59.Feb 18 2026, 9:48 AM
gniibe triaged this task as Normal priority.Thu, Feb 19, 5:21 AM
gniibe mentioned this in Unknown Object (Maniphest Task).Mon, Feb 23, 4:04 AM
gniibe changed the task status from Open to Testing.Thu, Feb 26, 12:55 AM
ebo moved this task from Backlog to WIP on the gpd5x board.Thu, Feb 26, 8:35 AM
ebo moved this task from Backlog to WIP on the gnupg26 board.
ebo moved this task from WIP to QA on the gpd5x board.Thu, Feb 26, 3:04 PM
timegrid moved this task from QA to Done on the gpd5x board.Tue, Mar 3, 1:20 PM

Looks good to me on gpg4win-5.0.2-beta2 @ win11:

  • first manual gpg -K and gpgsm -K displays the correct output now
  • the loop ran without a hang for 50 times
timegrid closed this task as Resolved.Tue, Mar 3, 1:22 PM
timegrid moved this task from WIP to Done on the gnupg26 board.
timegrid moved this task from Backlog to Done on the gpgrt board.
timegrid moved this task from Done to gpd-5.0.2 on the gpd5x board.
timegrid edited projects, added gpd5x (gpd-5.0.2); removed gpd5x.
gniibe mentioned this in T8012: Missing error on first key search without keyserver.Wed, Mar 4, 8:09 AM