Setting log-file via gpgsm --log-file <PATH> flag or in gpgsm.conf seems to be ignored: no file is written.
With this gpgsm.conf, debug-all is applied, but the output written to stdout/stderr. The same config works for other components:
log-file C:\Users\g10\Desktop\gpgsm.log debug-all
Please run with --debug 0 which should show you which confiration files are read in which order. Is there anything in a common.conf file? A log-file statement tehre would overwrite the command line option.
There's no other configuration, this happens with a clean gnupghome with one smime cert + root cert and the above gpgsm.conf (output on stdin/stderr):
C:\Users\g10>gpgsm --debug 0 -K
gpgsm: reading options from 'C:/Users/g10/AppData/Roaming/gnupg/gpgsm.conf'
gpgsm: reading options from '[cmdline]'
gpgsm: reading options from 'C:/Users/g10/AppData/Roaming/gnupg/common.conf'
gpgsm: enabled debug flags: x509 mpi crypto memory cache memstat hashing ipc clock lookup
gpgsm: enabled compatibility flags:
gpgsm: DBG: [no clock] keydb_new: enter
gpgsm: DBG: chan_0x0000000000000248 <- # Home: C:\Users\g10\AppData\Roaming\gnupg
gpgsm: DBG: chan_0x0000000000000248 <- # Config: [none]
gpgsm: DBG: chan_0x0000000000000248 <- OK Keyboxd 2.5.16 at your service, process 6692
gpgsm: DBG: connection to the keyboxd established
gpgsm: DBG: chan_0x0000000000000248 -> GETINFO version
gpgsm: DBG: chan_0x0000000000000248 <- D 2.5.16
gpgsm: DBG: chan_0x0000000000000248 <- OK
gpgsm: DBG: chan_0x0000000000000248 -> SENDFD 000000000000022c
gpgsm: DBG: chan_0x0000000000000248 <- OK
gpgsm: DBG: chan_0x0000000000000248 -> OUTPUT FD
gpgsm: DBG: chan_0x0000000000000248 <- OK
gpgsm: DBG: [no clock] keydb_new: leave (hd=0x0000000000e4e7f0)
gpgsm: DBG: [no clock] keydb_search: enter (hd=0x0000000000e4e7f0)
gpgsm: DBG: keydb_search: 1 search description(s):
gpgsm: DBG: keydb_search: 0: FIRST
gpgsm: DBG: chan_0x0000000000000248 -> SEARCH --x509
gpgsm: DBG: chan_0x0000000000000248 <- S PUBKEY_INFO 2 D4ECA6B469ABB5440827CB3FC7D791083C1027DB -- 0 0
gpgsm: DBG: chan_0x0000000000000248 <- OK
gpgsm: DBG: [no clock] keydb_search: leave (Success)
gpgsm: DBG: [no clock] keydb_get_flags: enter (hd=0x0000000000e4e7f0)
gpgsm: DBG: [no clock] keydb_get_flags: leave (err=Success)
gpgsm: DBG: [no clock] keydb_get_cert: enter (hd=0x0000000000e4e7f0)
gpgsm: DBG: [no clock] keydb_get_cert: leave (rc=0)
gpgsm: DBG: get_keygrip for public key
gpgsm: DBG: keygrip: 184977136da4d5c90c202f22e3812012abcd7174
gpgsm: no running gpg-agent - starting 'C:\\Program Files\\Gpg4win\\..\\GnuPG\\bin\\gpg-agent.exe'
[keyboxd]
---------
ID: 0x93216FA6
S/N: 281B974B684B7934
(dec): 2890069936016423220
Issuer: /CN=Root-CA 2020/OU=GnuPG.com/O=g10 Code GmbH/C=DE
Subject: /CN=Edward Tester/OU=demo/O=g10 Code GmbH/C=DE
aka: edward.tester@demo.gnupg.com
validity: 2023-03-13 18:31:40 through 2063-04-05 17:00:00
key type: brainpoolP256r1
key usage: digitalSignature nonRepudiation keyEncipherment dataEncipherment
sha1 fpr: FF:81:0B:92:81:A4:3C:39:4A:A1:38:E9:C7:FD:4C:01:93:21:6F:A6
sha2 fpr: FC:AE:E9:A6:30:60:E1:68:A7:AC:2C:21:BF:C1:D5:FE:AE:8C:9A:87:61:38:47:F0:16:A3:B3:17:35:97:E5:C6The gnupg manual (page 113) mentions:
--log-file file
When running in server mode, append all logging output to file. Use
‘socket://’ to log to socket.
Running gpgsm with --server and the log-file option in gpgsm.conf creates a log file for me.
Ah, thanks for the pointer, I did not expect gpgsm to behave differently here. Then it's probably intentional and I'll close this as invalid.