Change Details

Hi team, Just found a problem when using gpg in command line. It seems gpg could not work if TCP congestion provider is BBR2. My platform is Windows 11 24H2 and gpg 2.5.5. TCP congestion provider BBR2 was introduced in 23H2. Users can using below command to switch from the default NewReno/CUBIC to the new provider: ``` >netsh interface tcp set supplemental Template=Compat CongestionProvider=bbr2 >netsh interface tcp set supplemental Template=Datacenter CongestionProvider=bbr2 >netsh interface tcp set supplemental Template=DatacenterCustom CongestionProvider=bbr2 >netsh interface tcp set supplemental Template=Internet CongestionProvider=bbr2 >netsh interface tcp set supplemental Template=InternetCustom CongestionProvider=bbr2 ``` After that, unfortunately gpg is not able to work. When I tring to generate keys, gpg will keep showing the flashing cursor even I have waiting for more than 30 minutes: ``` > gpg --full-generate-key gpg (GnuPG) 2.5.5; Copyright (C) 2025 g10 Code GmbH This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Please select what kind of key you want: (1) RSA and RSA (2) DSA and Elgamal (3) DSA (sign only) (4) RSA (sign only) (9) ECC (sign and encrypt) *default* (10) ECC (sign only) (14) Existing key from card (16) ECC and Kyber Your selection? Please select which elliptic curve you want: (1) Curve 25519 *default* (4) NIST P-384 (6) Brainpool P-256 Your selection? Please specify how long the key should be valid. 0 = key does not expire <n> = key expires in n days <n>w = key expires in n weeks <n>m = key expires in n months <n>y = key expires in n years Key is valid for? (0) 1 Key expires at 03/21/25 01:27:01 Taipei Standard Time Is this correct? (y/N) y GnuPG needs to construct a user ID to identify your key. Real name: test Email address: test@test.com Comment: You selected this USER-ID: "test <test@test.com>" Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o We need to generate a lot of random bytes. It is a good idea to perform some other action (type on the keyboard, move the mouse, utilize the disks) during the prime generation; this gives the random number generator a better chance to gain enough entropy. ``` Try another one, but still get the same result: ``` > gpg --import test.ssb gpg: key <hidden>: public key "<hidden>" imported ``` It still keeps showing the flashing cursor. I switched back from BBR2 to the default NewReno/CUBIC, then gpg works fine immediately. I have traced the progress, gpg seems not able to show the Pinentry window. The window should be popped after running the command. ``` Pinentry Please enter the passphrase to protect your new key. ``` I'm afraid that Windows will change the default TCP congestion provider in the future, which will break gpg's work. Not sure if gpg uses any internal or socket level network transmission (loopback interface, or IPC?), because I think only the network transport could cause this problem. Hope this can help, thanks a lot.

Hi team, Just found a problem when using gpg in command line. It seems gpg could not work if TCP congestion provider is BBR2. My platform is Windows 11 24H2 and gpg 2.5.5. TCP congestion provider BBR2 was introduced in 23H2. Users can run below command to switch from the default NewReno/CUBIC to the new provider: ``` >netsh interface tcp set supplemental Template=Compat CongestionProvider=bbr2 >netsh interface tcp set supplemental Template=Datacenter CongestionProvider=bbr2 >netsh interface tcp set supplemental Template=DatacenterCustom CongestionProvider=bbr2 >netsh interface tcp set supplemental Template=Internet CongestionProvider=bbr2 >netsh interface tcp set supplemental Template=InternetCustom CongestionProvider=bbr2 ``` After that, unfortunately gpg is not able to work. When I tring to generate keys, gpg will keep showing the flashing cursor even I have waiting for more than 30 minutes: ``` > gpg --full-generate-key gpg (GnuPG) 2.5.5; Copyright (C) 2025 g10 Code GmbH This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Please select what kind of key you want: (1) RSA and RSA (2) DSA and Elgamal (3) DSA (sign only) (4) RSA (sign only) (9) ECC (sign and encrypt) *default* (10) ECC (sign only) (14) Existing key from card (16) ECC and Kyber Your selection? Please select which elliptic curve you want: (1) Curve 25519 *default* (4) NIST P-384 (6) Brainpool P-256 Your selection? Please specify how long the key should be valid. 0 = key does not expire <n> = key expires in n days <n>w = key expires in n weeks <n>m = key expires in n months <n>y = key expires in n years Key is valid for? (0) 1 Key expires at 03/21/25 01:27:01 Taipei Standard Time Is this correct? (y/N) y GnuPG needs to construct a user ID to identify your key. Real name: test Email address: test@test.com Comment: You selected this USER-ID: "test <test@test.com>" Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o We need to generate a lot of random bytes. It is a good idea to perform some other action (type on the keyboard, move the mouse, utilize the disks) during the prime generation; this gives the random number generator a better chance to gain enough entropy. ``` Try another one, but still get the same result: ``` > gpg --import test.ssb gpg: key <hidden>: public key "<hidden>" imported ``` It still keeps showing the flashing cursor. I switched back from BBR2 to the default NewReno/CUBIC, then gpg works fine immediately. I have traced the progress, gpg seems not able to show the Pinentry window. The window should be popped after running the command. ``` Pinentry Please enter the passphrase to protect your new key. ``` I'm afraid that Windows will change the default TCP congestion provider in the future, which will break gpg's work. Not sure if gpg uses any internal or socket level network transmission (loopback interface, or IPC?), because I think only the network transport could cause this problem. Hope this can help, thanks a lot.

Hi team, Just found a problem when using gpg in command line. It seems gpg could not work if TCP congestion provider is BBR2. My platform is Windows 11 24H2 and gpg 2.5.5. TCP congestion provider BBR2 was introduced in 23H2. Users can usingrun below command to switch from the default NewReno/CUBIC to the new provider: ``` >netsh interface tcp set supplemental Template=Compat CongestionProvider=bbr2 >netsh interface tcp set supplemental Template=Datacenter CongestionProvider=bbr2 >netsh interface tcp set supplemental Template=DatacenterCustom CongestionProvider=bbr2 >netsh interface tcp set supplemental Template=Internet CongestionProvider=bbr2 >netsh interface tcp set supplemental Template=InternetCustom CongestionProvider=bbr2 ``` After that, unfortunately gpg is not able to work. When I tring to generate keys, gpg will keep showing the flashing cursor even I have waiting for more than 30 minutes: ``` > gpg --full-generate-key gpg (GnuPG) 2.5.5; Copyright (C) 2025 g10 Code GmbH This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Please select what kind of key you want: (1) RSA and RSA (2) DSA and Elgamal (3) DSA (sign only) (4) RSA (sign only) (9) ECC (sign and encrypt) *default* (10) ECC (sign only) (14) Existing key from card (16) ECC and Kyber Your selection? Please select which elliptic curve you want: (1) Curve 25519 *default* (4) NIST P-384 (6) Brainpool P-256 Your selection? Please specify how long the key should be valid. 0 = key does not expire <n> = key expires in n days <n>w = key expires in n weeks <n>m = key expires in n months <n>y = key expires in n years Key is valid for? (0) 1 Key expires at 03/21/25 01:27:01 Taipei Standard Time Is this correct? (y/N) y GnuPG needs to construct a user ID to identify your key. Real name: test Email address: test@test.com Comment: You selected this USER-ID: "test <test@test.com>" Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o We need to generate a lot of random bytes. It is a good idea to perform some other action (type on the keyboard, move the mouse, utilize the disks) during the prime generation; this gives the random number generator a better chance to gain enough entropy. ``` Try another one, but still get the same result: ``` > gpg --import test.ssb gpg: key <hidden>: public key "<hidden>" imported ``` It still keeps showing the flashing cursor. I switched back from BBR2 to the default NewReno/CUBIC, then gpg works fine immediately. I have traced the progress, gpg seems not able to show the Pinentry window. The window should be popped after running the command. ``` Pinentry Please enter the passphrase to protect your new key. ``` I'm afraid that Windows will change the default TCP congestion provider in the future, which will break gpg's work. Not sure if gpg uses any internal or socket level network transmission (loopback interface, or IPC?), because I think only the network transport could cause this problem. Hope this can help, thanks a lot.