Yes, it's running. I have a scheduled task that spawns a VBScript to ensure that gpg-agent is started on login, and restarts it on insertion of a card (specifically for two reasons: Windows ssh clients don't typically start agents automatically, and Windows can cause gpg-agent to get a bit upset after a card is removed and re-inserted. Edit: although, I think that latter reason might be resolved now... I haven't investigated deeply. more info here and here).
Dec 19 2018
Thanks for your information.
Hum, you are using gpg-agent for SSH access.
Dec 18 2018
When no card is inserted, usage of an ssh client simply fails to request insertion of the card for the stub keys present in ~/.gnupg/.
Dec 17 2018
Please let us know the version of GnuPG, the output of gpg --card-status when inserted, and how gpg is not working well, etc.
How does scdaemon respond when there is no card available?
Dec 5 2018
Sounds good! I give it to me for testing / documenting this.
Dec 4 2018
With master we can now do:
Dec 3 2018
Nov 28 2018
@werner Be my guest.
Nov 27 2018
Why not use PowerShell? Because --with-colons does not output the required hash? But that can't be the reason because Python has the very same problem. Using Python for scripts is anyway a bit of overkill.
Precondition: A list of pubkeys, as keyring or as keyring file with list of fingerprints.
Goal: a static file structure that can be uploaded on my webserver.
Platform: Windows; a better solution requires fewer additional dependencies apart from Gpg4win.
Nov 26 2018
gpg-wks-server --install-key fingerprint
... that would be useful in many ways. I'd say we should support anyone who wants to use python-gnupg on Windows.
As I see it Bernhard is just asking for the flat structure, so basically some export script that creates the needed files on Windows.
If they really want to do that for Windows, they can use some database approach like Protonmail does it. This does not require any file structure.
Sorry, we won't implement a server for Windows. No sane provider uses Windows for a large mail setup.
Nov 9 2018
Marking this as resolved as it was forgotten in the testing state.
Oct 26 2018
Oct 22 2018
I'm also seeing the same behaviour on a freshly installed Windows 10 1809 with Gpg4win v3.1.4. Have to kill dirmngr from task manager to be able to get into Kleopatra.
Oct 8 2018
Hi, has anyone found a reason why that happens? I run into the same behavior on my Windows 10 1803 computer. I have Gpg4win version 3.1.3 freshly installed and dirmngr hangs. Thanks and best regards, Peter
Aug 24 2018
I need to know which of the processes segv: mkdefsinc, cat or the subshell. And a backtrace would also be very helpful.
Aug 6 2018
Was anyone successful in debugging dirmngr? I'm having the same issue. The dirmngr process gets stuck, no output at all, and this causes Kleopatra to get stuck waiting for it. I can only run Kleopatra after I have killed the dirmngr process. If I understand correctly I still need this process for network-related functionality, so I would need to fix it if I want to use all functions.
Jul 5 2018
IMO this can be closed. At least the problem for which I intended this ticket is fixed.
Jul 4 2018
Printing "(null)" is just coincidence because NULL is stored at the respective stack address on one platform.
Well I'm pretty sure the reason is that valuetable_buffer is not initialized in _gpgrt_estream_format. But the resulting behavior confused me. It would not crash. But it would also not print "gpg: Entschlüsselung als fehlgeschlagen angesehen: (null)". It would just print nothing instead of that string.
Jun 21 2018
Not really. off_t is a real portability problem and this is why we moved that problem out of the GPGME ABI to the application. Thus the application needs to care about mapping gpgme_off_t to whatever off_t it uses. Without that we can't provide a stable _and_ toolchain independent ABI.
Jun 20 2018
Thank you for pointing this out.
Following patch fixes the issue.
Jun 12 2018
@tinkerwolf This is weird... I've reinstalled my PC from scratch with an initial account set as local, and was able to set up GPG4Win perfectly fine for the first time on my PC (as I did in the VM). So, set up a VM with an initial account set up from an online account. GPG4Win started up fine... I am now really confused!! Somewhere within the getting set up with an online account, something has to be happening that interferes with dirmngr.
Will investigate further.
@RAmbidge are you able to further test this by using a VM with a MS account? I don't have the means right now, or I'd do it myself.
That actually makes sense, because it works fine on my laptop, where it's been a local account from the start, but it's broken on my desktop where it was originally a MS account, but is now local.
Jun 11 2018
I'm having the same issue. I read somewhere that it's likely caused by using an online Windows account to log in with. So I converted to local login. Issue persists. As a test, I've just set up a VM with a local account set up at install, and GPG4Win works perfectly fine. So I'm guessing that there may be an issue which stays in the file system caused by online account users. I'm not a programmer and have no idea how or where to look to see what's causing it and how to fix it though.
May 29 2018
Maybe the off_t mess comes from following line
The gpgme c api already had a convenience function gpgme_data_rewind to do data.seek (0, SEEK_SET); As this is by far the most common seek operation. KMymoney also only uses such seeks.
May 28 2018
Uhm, yeah I would be willing to help. But I tried to understand it and don't see the problem.
So what the error tells us is that "off_t" is defined as long in the declaration but as something else in the definition.
But how can that be? data.cpp includes the data.h header so they both should have the same definition of off_t.
The only thing I could imagine is that something which is included in the cpp but not in the header undef's off_t and defines it to something else.
Or more likely that the archive was compiled with a different definition of off_t than what is included in the headers when kmymoney is built.
Are you using the same mingw version as the buildchain which compiles the gpgme binary?
You are not cross-compiling. This is not suggested and I don't have the environment to replicate this. Maybe @aheinecke can help.
May 16 2018
@werner I was hoping to make a modified gpg-agent build that would let me walk through what's going on after the nonce is sent but it looks like the gpg4win process only takes in a package of pre-built gpg binaries which rules that out. As far as I can figure out, after the nonce is read and accepted, libassuan creates a stream object out of the socket and then finding nothing in the stream terminates the ssh handler. We send the actual client request immediately after the nonce but in a separate call to send() so I now wonder if by not having anything read in at the same time as the nonce gpg-agent or libassuan thinks that it's a 0-length stream.
May 3 2018
May 2 2018
No longer happens when the good old ldapwrapper is used.
Apr 25 2018
Still happens. There are also "BER" errors that seem random.
Apr 21 2018
I just took a look through assuan-socket.c and it appears that we just need to send the nonce and don't need to read anything back. We also found a bug on our side that was preventing the nonce from being sent, which has been fixed. The error message logged above no longer happens.
The nonce is a string of octets, thus it needs to be passed verbatim. I would need to study the code in libassuan/src/assuan-socket.c to tell more.
Apr 20 2018
@werner After sending the nonce value from the socket file, does anything need to be read back before ssh-agent commands can be sent? Are there any byte ordering requirements for sending the nonce or can they be sent in the same order as they are in the file?
Apr 16 2018
Got the question about this note from a user (in an internal email) and I see the problem that users do not have enough information to decide this. They do not know what the consequences of this note are (and suspect it to be the cause of error if they see it together with other problems). So to me it is more than a 'wish' as it will generate questions and leaves users in a situation where they cannot progress on their own in most of the situations.
It is not an error or even a warning but just a NOTE. Thus the user should decide. It is not even translated and on most systems this is enabled anyway.
Did that help any?
Apr 14 2018
I've been working with one of Microsoft's developers on a temporary tool that should bridge the connection between named pipes and the Unix sockets emulation used by gpg-agent but things appear to trip up with sending the nonce. From the position of the tool, the nonce value is successfully sent (send returns 16), but never seems to be picked up by gpg-agent. Instead both gpg-agent and the bridge sit there until whatever tool is using them (I test using ssh-add -l) is terminated, at which point gpg-agent immediately spits up the message
Apr 13 2018
Apr 12 2018
So I used a debugger to see if I could garner any additional info. Here's the log:
Apr 11 2018
Workaround is implemented in 2.2.6.
Apr 10 2018
dirmngr -v --debug ipc,dns,network --log-file - --server --debug-wait 3
@werner here's the only output I get:
Please kill all existing dirmngr instances and don't run any programs which will trigger it to be started (e.g. Kleopatra). Then run in a _standard_ shell (cmd.exe):
I, too, have this problem. I have Windows 10 Pro 64-bit with BitDefender Total Security. My first reaction when this wasn't working was to disable all functions on BitDefender. That didn't help, so I ran dirmngr as admin in cmd (I despise PowerShell) without any luck. I created a non-admin user and ran it in there, again without luck. I've come up dry. No logs, no output, and no answers. Is there anything shy of downgrading dirmngr that will make this work? Has there been any progress as to figuring this out?
That's for the client, right. I never used it. We used to run a Windows 8 instance in a VM to run tests via ssh on it. That worked most not really stable. For obvious reasons I am more interested in the server part ;-)
I would argue that the Windows port of OpenSSH is not unstable at this point, especially given that Microsoft is even providing it as an installable feature in the next regular Windows 10 release. The fact that the port is now using actual OpenSSH version numbers instead of their own 0.x versions lends credence to this as well.
Apr 9 2018
Yes. However, I have tested a fix for the empty value.
Have you tried it multiple times? If it's uninitialized memory access maybe you got lucky?
I still can't reproduce the crash (on Vista).
Thanks for the pointer. But as long as the Windows ssh server is that instable I see no urgent need to add this to GnuPG.
Apr 7 2018
Mar 28 2018
Mar 27 2018
In my opinion we should assume that c:/ was meant.
Mar 26 2018
Under Wine it does not crash but returning an empty string is not a good idea in any case. The question is what to do with "c:". The usual meaning is to use the current directory of drive C. But that does not make much sense. Should we simply assume that "c:/" was meant?
Mar 20 2018
Kleopatra now shows this:
Mar 15 2018
Mar 13 2018
I've contacted Yubico to review this ticket.
Hi, that works as advertised. If this is the best solution yubikey permits us I am ok with it.
I put an entry: https://wiki.gnupg.org/SmartCard#Known_problem_of_Yubikey
After resume, because resume is not detected, some user interaction is required to cause an error.
gpg --card-status (which will only show partial information) is enough. Or, ssh failure. After failure, scdaemon reconnects the token.
Then, you can use it again without plug-off/plug-in.
Thanks a lot for pointers and suggestion.
Well, the problem of Yubikey itself cannot be solved by others, we can put some workaround for the error recovery.
So, this is another try of mine to improve error recovery.
Mar 12 2018
- There was the same problem in yubico-piv-tool and it was solved by detecting the error state (0x80100068) and reconnecting to the smart card if necessary
- There is also a thread in OpenSC discussing this issue and relevant PRs
- I also found a project that claims to fix SCARD_W_RESET_CARD by disabling exclusive access to the card before asking for PIN (and then they enable exclusive access again)
Part of the problem is Yubikey side, I suppose. (Because my implementation of Gnuk Token has no problem for suspend/resume if it's in-use.)
Again, thanks a lot for your testing. The log said: The code I added cannot detect the event of suspend/resume.
It seems that there is no way to recover from suspend/resume for Yubikey.
Mar 9 2018
Yeah, this is better, we got apdu_get_status => sw=0x0 status=7 and I can auth with this version as usual. After sleep-wake cycle it would however fail with pcsc_transmit failed: reset card (0x80100068). Logs attached.
Thanks a lot for your testing. So, apparently, the PC/SC behavior is different between GNU/Linux and Windows.
Thus, I pushed another change: rG1e27c0e04cd3: scd: More fix with PC/SC for Windows.. Please test this. (Both of previous version and this version work well on GNU/Linux for operations not including suspend/resume with Yubikey and Gnuk Token, while my Yubikey with PC/SC doesn't work well for suspend/resume.)