New user to gpg4win here. Well, I would like to be, but it locks up before I can do anything.
Installed gpg4win 4.4.0, and started Kleopatra, but the UI just spins forever trying to load the certificate cache.
Turns out nothing at all works.
For example, after a full reboot, if I just do “gpg -K” from the commandline, it never returns.
In Task Manager, I see gpg.exe starting (obviously). Shortly after, I see keyboxd.exe, and then nothing happens.
If instead I start Kleopatra, I see the icon appearing in the tray (and task manager sees gpgconf.exe, gpg-connect-agent.exe and gpg-agent.exe).
If I click on it to open the app, I also see gpg.exe, keyboxd.exe and gpgsm.exe, but like I said, it spins forever on Loading certificate cache.
I attached the output of “gpgconf -X”, but there’s nothing interesting there. gpgconf-output-sanitized.txt (2.1 KB)
Any ideas where to poke?
EDIT: I should add that 5.0.0.beta32 has the same result.
The behavior you describe would be something I’d expect to see if gpg (or Kleopatra) can not access its own files in %APPDATA%\gnupg and in %LOCALAPPDATA%\gnupg.
But as your configuration files were created - as gpgconf -X shows - that cannot be the cause.
I see that on Windows 11 there is a “Smart App Control” which can block programs it deems untrustworthy. I’d poke in this area.
Yeah I had already suspected that, but turning them off didn’t fix anything.
Then yesterday I turned most of the security features off and rebooted … and then hated the rest of the day.
Windows 11 booted, but had decided that Smart Login (fingerprint/camera) doesn’t work, and that I no longer have a PIN. And it wouldn’t let me set one as it claimed I don’t have an Internet connection (could be the firewall never let anything through to that address, and since I couldn’t log in, I also couldn’t approve the firewall UI).
Long story short, I ended up copying the data to another drive via Recovery Mode / Bitlocker recovery.
Then reinstalled a clean Windows 11.
And now it of course works.
I wish I could be helpful in what the original problem was, but Microsoft basically killed all that.
I’m happy that Gpg4win works now for you, even though you had a lot of MS hassle to go through…
In my book the cause was Windows blocking Kleopatra and/or gpg (or any of the other background processes of Gpg4win), and that is nothing we can do anything about on our side.
Well, that was unexpected.
It’s been working for a few days now, and suddenly it’s doing exactly the same as before.
Just spinning on the “Loading certificate cache” and nothing works.
So trying to debug it here.
I killed all the processes, and deleted the lock files.
Then on the command line, I did “gpg -vvvvvvvvvv -K” (no idea if gpg has the same “lots of verboses turn up the level”, but it’s at least showing more than no v’s).
Result:
gpg: using character set ‘utf-8’
gpg: enabled compatibility flags:
gpg: using pgp trust model
gpg: no running gpg-agent - starting ‘C:\Program Files (x86)\Gpg4win\…\GnuPG\bin\gpg-agent.exe’
gpg: waiting for the agent to come up … (8s)
And then it sits there forever.
In the process viewer, I can see that gpg-agent DID start.
If I manually start the gpg-agent with “gpg-agent -vvv --daemon”, it prints out that it’s listening on sockets in AppData/Local/*, and then “gpg-agent[8816]: gpg-agent (GnuPG) 2.4.7 started”.
Now a “gpg -vvv -K” in another window just gives me:
gpg: using character set ‘utf-8’
gpg: enabled compatibility flags:
gpg: using pgp trust model
And at that time, the agent prints:
gpg-agent[10224]: handler 0x2 for fd 152 started
Then it again just sits there.
Actually … after maybe a minute, the agent prints:
gpg-agent[10224]: handler 0x4 for fd 244 started
And after that, I haven’t been patient enough to see any more activity.
If I just do commandline, then I see gpg.exe itself, and gpg-agent.exe - nothing else.
If I try starting Kleopatra, I also see gpgconf.exe and gpg-connect-agent.exe (and kleopatra.exe of course)
EDIT: And now I think I made it really unhappy.
Tried doing “gpg-disable-keyboxd” (found that in another thread).
That ran quickly, and converted my whole keyring.
(Well I thought it did, but maybe not - all my (old) keys are sha1 signed, and I guess it ignores those, so it ended with gpgsm: total number processed: 0)
But it didn’t fix anything.
So I ran “gpg-enable-keyboxd” and that one freezes up the same way as before.
The communication between the various gpg related processes is via TCP on Windows.
If e.g. an overaggressive personal “firewall” setting blocks localhost, this could be the cause of your problem.
I do have ESET running.
But that has been running since I installed Windows (always install that as the first thing).
Disabling it has no effect.
EDIT: Also, nothing is blocking localhost.
For example, if I make a PuTTY connection to a server, and have it port forward 11111 to some other server, then localhost:11111 works fine.
For better Internet speed, I usually switch to the BBR2 congestion protocol.
This breaks gpg4win!
To see what your algorithm settings currently are, run:
powershell "Get-NetTCPSetting | Select SettingName, CongestionProvider"
IIRC, the default is CUBIC,CUBIC,NewRenoCUBIC,CUBIC
To turn BBR2 on for all connection types, run the following in an Administrator console:
netsh int tcp set supplemental Template=Internet CongestionProvider=bbr2
netsh int tcp set supplemental Template=Datacenter CongestionProvider=bbr2
netsh int tcp set supplemental Template=Compat CongestionProvider=bbr2
netsh int tcp set supplemental Template=DatacenterCustom CongestionProvider=bbr2
netsh int tcp set supplemental Template=InternetCustom CongestionProvider=bbr2
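
Two replies above say that the gpg processes talk to each other over TCP on localhost and that the BBR2 congestion provider breaks gpg4win; the following PowerShell sketch, an added example that is not from any poster in this thread, checks both in one pass. The function name Test-LoopbackTcp, its timeout parameter and the choice of cubic as the value to restore are assumptions.

```powershell
# Added example; Test-LoopbackTcp and $TimeoutMs are hypothetical names.
function Test-LoopbackTcp {
    param([int]$TimeoutMs = 3000)
    $loopback = [System.Net.IPAddress]::Loopback
    $listener = [System.Net.Sockets.TcpListener]::new($loopback, 0)  # port 0 = any free port
    $client   = [System.Net.Sockets.TcpClient]::new()
    $server   = $null
    try {
        $listener.Start()
        $port   = $listener.LocalEndpoint.Port
        $accept = $listener.AcceptTcpClientAsync()
        if (-not $client.ConnectAsync($loopback, $port).Wait($TimeoutMs)) { return 'connect timed out' }
        if (-not $accept.Wait($TimeoutMs)) { return 'accept timed out' }
        $server = $accept.Result
        # Push a small payload through the connection and read it back with a timeout,
        # so a stalled localhost connection is reported instead of hanging forever.
        $payload = [byte[]](1..64)
        $client.GetStream().Write($payload, 0, $payload.Length)
        $stream = $server.GetStream()
        $stream.ReadTimeout = $TimeoutMs
        $buffer = [byte[]]::new($payload.Length)
        $read = 0
        while ($read -lt $buffer.Length) {
            $n = $stream.Read($buffer, $read, $buffer.Length - $read)
            if ($n -le 0) { break }
            $read += $n
        }
        if ($read -eq $payload.Length) { return 'ok' }
        return "short read ($read of $($payload.Length) bytes)"
    } catch {
        return "failed: $($_.Exception.Message)"
    } finally {
        if ($server) { $server.Close() }
        $client.Close()
        $listener.Stop()
    }
}

# Show the congestion provider per template, then test a localhost TCP round trip.
$settings = Get-NetTCPSetting | Select-Object SettingName, CongestionProvider
$settings | Format-Table -AutoSize
$bbr2 = @($settings | Where-Object { "$($_.CongestionProvider)" -match 'bbr2' })
"Loopback TCP test: $(Test-LoopbackTcp)"
foreach ($s in $bbr2) {
    # Printed only, not executed. 'cubic' is an assumption; use the value you had before.
    "netsh int tcp set supplemental Template=$($s.SettingName) CongestionProvider=cubic"
}
```

The printed netsh lines need an Administrator console to take effect, the same as the commands in the post above.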