
Error when converting keyring to gpg 2.1
Closed, Resolved (Public)

Description

System:
Windows 8.1 (x64)
Gpg 2.1.5

Description:
I installed Gpg 2.1.5 (gnupg-w32-2.1.5_20150611.exe) and tried to list my public
and private keys.
Invoking gpg on command line with "--list-public-keys" shows all my public keys
correctly, while "--list-secret-keys" shows an empty list.
The keyring (with about 50 public and some secret keys) was created with gpg
1.4.? some (long) time ago and hasn't been migrated to 2.1 before.
Before running the following commands no agent/dirmanager was running.

gpg -K --verbose on command line produces the following output:

gpg: starting migration from earlier GnuPG versions
gpg: no running gpg-agent - starting 'C:\Program Files
(x86)\GNU\GnuPG21\bin\gpg-agent.exe'
gpg: waiting for the agent to come up ... (5s)
gpg: waiting for the agent to come up ... (4s)
gpg: connection to agent established
gpg: porting secret keys from
'C:/Users/xxxxx/AppData/Roaming/gnupg/secring.gpg' to gpg-agent
gpg: key A111C47B/A111C47B: error sending to agent: End of file
gpg: error building skey array: End of file
gpg: Note: signature key 7F37F290 expired 01/01/14 12:00:00 Mitteleuropõische Zeit
gpg: error getting the KEK: Input/output error
gpg: error getting the KEK: Input/output error
gpg: error getting the KEK: Input/output error
gpg: error getting the KEK: Input/output error
gpg: error getting the KEK: Input/output error
gpg: error getting the KEK: Input/output error
gpg: error getting the KEK: Input/output error
gpg: error getting the KEK: Input/output error
gpg: error getting the KEK: Input/output error
gpg: migration succeeded
gpg: using PGP trust model

I added the following options to my gpg-agent.conf :

log-file c:/temp/gpg-agent.log
debug 1024
verbose

After running the -K command from above the content of this log file looks like
this:

2015-06-15 15:52:40 gpg-agent[3360] listening on socket
'C:/Users/xxxxx/AppData/Roaming/gnupg/S.gpg-agent'
2015-06-15 15:52:40 gpg-agent[3360] gpg-agent (GnuPG) 2.1.5 started
2015-06-15 15:52:42 gpg-agent[3360] handler 0x2 for fd 360 started
2015-06-15 15:52:42 gpg-agent[3360] DBG: chan_00000168 -> OK Pleased to meet you
2015-06-15 15:52:42 gpg-agent[3360] DBG: chan_00000168 <- RESET
2015-06-15 15:52:42 gpg-agent[3360] DBG: chan_00000168 -> OK
2015-06-15 15:52:42 gpg-agent[3360] DBG: chan_00000168 <- OPTION
allow-pinentry-notify
2015-06-15 15:52:42 gpg-agent[3360] DBG: chan_00000168 -> OK
2015-06-15 15:52:42 gpg-agent[3360] DBG: chan_00000168 <- OPTION
agent-awareness=2.1.0
2015-06-15 15:52:42 gpg-agent[3360] DBG: chan_00000168 -> OK
2015-06-15 15:52:42 gpg-agent[3360] DBG: chan_00000168 <- AGENT_ID
2015-06-15 15:52:42 gpg-agent[3360] DBG: chan_00000168 -> ERR 67109139 Unknown
IPC command <GPG Agent>
2015-06-15 15:52:42 gpg-agent[3360] DBG: chan_00000168 <- GETINFO version
2015-06-15 15:52:42 gpg-agent[3360] DBG: chan_00000168 -> D 2.1.5
2015-06-15 15:52:42 gpg-agent[3360] DBG: chan_00000168 -> OK
2015-06-15 15:52:42 gpg-agent[3360] DBG: chan_00000168 <- KEYWRAP_KEY --import
2015-06-15 15:52:42 gpg-agent[3360] DBG: chan_00000168 -> [ 44 20 65 cd 29 6c
d6 c5 8f f3 b8 e5 61 0c cb fc ...(2 byte(s) skipped) ]
2015-06-15 15:52:42 gpg-agent[3360] DBG: chan_00000168 -> OK
2015-06-15 15:52:42 gpg-agent[3360] DBG: chan_00000168 <- SETKEYDESC
Please+enter+the+passphrase+to+import+the+OpenPGP+secret+key:%0A%22Alexander+Strobel+(Giegerich+&+Partner+GmbH)%22%0A4096-bit+RSA+key,+ID+A111C47B,%0Acreated+2015-01-27.%0A
2015-06-15 15:52:42 gpg-agent[3360] DBG: chan_00000168 -> OK
2015-06-15 15:52:42 gpg-agent[3360] DBG: chan_00000168 <- IMPORT_KEY --unattended
2015-06-15 15:52:42 gpg-agent[3360] DBG: chan_00000168 -> Confidential data not shown
2015-06-15 15:52:42 gpg-agent[3360] DBG: chan_00000168 <- Confidential data not shown
2015-06-15 15:52:42 gpg-agent[3360] DBG: chan_00000168 <- Confidential data not shown
2015-06-15 15:52:42 gpg-agent[3360] DBG: chan_00000168 <- Confidential data not shown
2015-06-15 15:52:42 gpg-agent[3360] DBG: chan_00000168 <- Confidential data not shown

The pinentry is not shown.

Details

Version
2.1.7

Event Timeline

The "migration succeeded" despite the I/O errors smells fishy. Can you
please delete the "gpg-v21-migrated" file in
C:/Users/xxxxx/AppData/Roaming/gnupg/ and try again with a log file?

Would you mind explaining how to enable logging in 2.1?
I tried with --log-file [filename] and --logger-file [filename] but it only
created an empty (0 Bytes) file.
I tried to pipe the output to a file with "gpg -K [--verbose] >
c:\temp\gpg21.log" but this didn't work either. Is the K command supposed to be
"unpipeable"? (The output of "gpg --version" can be piped.)

Not different than in 2.0. You need to enable logging also for gpg-agent. The
best way to do this is by adding

log-file socket:///temp/S.gnupg-log
debug 1024

to gpg-agent.conf and gpg.conf. gpg-agent.conf is usually sufficient.
You may then use

   watchgnupg /temp/S.gnupg-log

to view the log in real time. Frankly, under Windows I often use

log-file tcp://1.2.3.4:4711

or

log-file tcp://[2001:db8::1]:4711

along with

watchgnupg --tcp 4711

Sorry, but this is not working for me. I do not find watchgnupg executable and
gnupg.org states that this tool does not exist for windows. Maybe I am not clever
enough to find it.
Anyhow I extended the gpg.conf according to your suggestion. (gpg-agent.conf was
already configured like that) I don't know why there is no additional log file
gpg.conf created. I attached my two config files to this issue.

I deleted the "gpg-v21-migrated" file and reran "gpg -K --verbose". Attached to
this issue you will find my gpg-agent.log . This time it looks like it has more
output in it than the last time.

watchgnupg might be missing in the installer. It should be in gpg4win, though.
Anyway using it on Unix with --tcp is much more convenient.

In gpg4win there is a kwatchgnupg.exe but it throws an error stating that it is
not "installed" within my $PATH variable. The weird thing is that I started it
from a command prompt somewhere in my filesystem, so its path is set in my $PATH
variable. Strange ...

In last consequence I even tried it with Wireshark and did not get any results
observing localhost and running the command again.

Isn't the output of the log (posted before) enough information or is there any
other way to collect the information you need?

Seeing the same on Windows 10 with latest gnupg-w32 package.

Attached is the gpg.log

Migration succeeds from nearly the same homedir under Windows 7.

I think the problem is that pinentry-basic does not work on Windows 8.1 and
later. Although I wonder why this should break the migration as I don't get a
pinentry dialog when migrating on Windows 7. (Or on GNU/Linux platforms for that
matter)

It's not the pinentry. If I install a working pinentry, signing files works, but
still the migration fails.
Windows Event logs also report that the agent crashed and the process is not
running afterwards.
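
A triage check for the two symptoms reported in this ticket, as an added example that is not part of the thread or of GnuPG: it lists the errors that precede a "migration succeeded" line in gpg's output, and finds any agent-log command that never received its final OK or ERR, which is what an agent that dies mid-command leaves behind. The sample lines are constructed by abbreviating the logs in the description (wrapped lines rejoined); the function names are hypothetical.

```python
import re

# Constructed samples, abbreviated from the logs in the ticket description.
GPG_OUTPUT = """\
gpg: starting migration from earlier GnuPG versions
gpg: key A111C47B/A111C47B: error sending to agent: End of file
gpg: error getting the KEK: Input/output error
gpg: migration succeeded
"""
PREFIX = "2015-06-15 15:52:42 gpg-agent[3360] DBG: chan_00000168 "
AGENT_LOG = "\n".join(PREFIX + s for s in [
    "<- AGENT_ID",
    "-> ERR 67109139 Unknown IPC command <GPG Agent>",
    "<- KEYWRAP_KEY --import",
    "-> OK",
    "<- IMPORT_KEY --unattended",
    "-> Confidential data not shown",
    "<- Confidential data not shown",
])

LINE = re.compile(r"gpg-agent\[\d+\] DBG: (chan_\w+) (<-|->) (.*)")
COMMAND = re.compile(r"[A-Z_]+(?=\s|$)")  # command verbs are upper case

def unanswered_commands(agent_log):
    """Return {channel: command} for commands that never got OK or ERR."""
    pending = {}
    for line in agent_log.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        chan, direction, payload = m.groups()
        if direction == "<-":
            # While a command is pending, client lines are inquiry data.
            if chan not in pending and COMMAND.match(payload):
                pending[chan] = payload
        elif payload.startswith(("OK", "ERR")):
            pending.pop(chan, None)  # final status closes the command
    return pending

def errors_before_success(gpg_output):
    """Return the error lines that precede 'gpg: migration succeeded'."""
    errors = []
    for line in gpg_output.splitlines():
        if line.strip() == "gpg: migration succeeded":
            return errors
        if "error" in line.lower():
            errors.append(line)
    return []  # no success line, so nothing contradictory to report
```
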

issue2085 might be related.

aheinecke claimed this task.
aheinecke added a project: Duplicate.

Duplicate of T2085

With gcrypt compiled with -mstackrealign as analyzed in T2085 this problem
is also fixed.

So I'm marking this as a duplicate of T2085.