Gpg: signing failed: Timeout

snowman23 · November 1, 2023, 7:32am

I am trying to encrypt and sign a file using GPG but receiving the timeout error. The command works and it encrypts the file when I skip the ‘–sign’ option. I tried to just sign the file. But that did not work either.

gpg --output E:\Test.gpg  --encrypt --passphrase "test phrase"  --sign --armor -r "gpgtest@abc.com"  E:\Test.txt
Error : gpg: signing failed: Timeout

I am currently using gpg (GnuPG) 2.4.3

Anyone else is facing similar issues?

cklassen · November 2, 2023, 2:07pm

Hi @snowman23,

Did you try to add -v to the command to enable verbosity? Maybe it will help to find out more.

snowman23 · November 2, 2023, 6:40pm

@cklassen I tried with verbose option and got the below in the logs.

gpg: enabled compatibility flags:
gpg: using subkey instead of primary key
gpg: using pgp trust model
gpg: This key belongs to us
gpg: writing to ‘E:\Test.gpg’
gpg: Note: key has no AEAD feature
gpg: pinentry launched (488 qt 1.2.1 - - - - 0/0 -)
gpg: signing failed: Timeout
gpg: E:\Test.gpg: sign+encrypt failed: Timeout

aheinecke · November 3, 2023, 7:03am

Hallo, bei --sign wird dein secret key benötigt und daher halt auch die passphrase um deinen secret key zu entsperren. Wenn du die Passphrase eh in das batch Kommando schreibst wäre es vielleicht eine überlegung die Passphrase komplett von deinem key zu entfernen.

Dein Kommando würde aber auch funktionieren wenn du “–pinentry-mode loopback” noch mit einfügst. Das ist auch in all unserer Dokumentation dazu beschrieben. Habe ich extra hinzugefügt weil das eines der häufigsten Probleme ist

Siehe dazu auch: GPG Esoteric Options (Using the GNU Privacy Guard)

--passphrase string

    Use string as the passphrase. This can only be used if only one passphrase is supplied. Obviously, this is of very questionable security on a multi-user system. Don’t use this option if you can avoid it.

    Note that since Version 2.0 this passphrase is only used if the option --batch has also been given. Since Version 2.1 the --pinentry-mode also needs to be set to loopback.

aheinecke · November 3, 2023, 7:08am

Oh sorry, I wrote my reply in german. Here it is in english again:
With --sign gnupg needs to access your secret key so it requires the passphrase for it. If you write it in a batch file anyway it might be better to remove the passphrase altogether from your secret key.

Your command wold work though if you added “–pinentry-mode loopback” GPG Esoteric Options (Using the GNU Privacy Guard) This is explicitly mentioned in our documentation since that is one of the most common problems when using passphrase options on the command line.

And yes I am constantly arguing with the maintainer of GnuPG to “imply” pinentry-mode loopback automatically when one of the passphrase options is used…

snowman23 · November 10, 2023, 3:22am

@aheinecke
Thank you for the reply. I re-imported the key pair and tried the encrypt with sign option. It worked this time ! Thank you very much.

But now when I try to decrypt the same file, I am getting the below error:
gpg: public key decryption failed: Timeout
gpg: decryption failed: Timeout

snowman23 · November 10, 2023, 3:37am

@aheinecke when I tried -verbose option I got the below message.
gpg: pinentry launched (116 qt 1.2.1 - - - - 0/0 -)
gpg: public key decryption failed: Timeout
gpg: decryption failed: Timeout

I did not get any pinentry pop up on the server.

snowman23 · November 13, 2023, 9:51pm

In another discussion, I saw that we can actually update the gpg.conf by adding ‘pinentry-mode loopback’ to avoid the pinentry launch.
But I could not locate the gpg.conf file. I tried searching on c:\users\yourname\AppData\Roaming.

eebb · November 14, 2023, 12:07pm

It seems you meanwhile noticed that you had to add “–pinentry-mode loopback" additionally to the --passphrase for decryption, too, if you can’t use pinentry.

And yes, if you want to always use the option, you can add it in the gnupg.conf instead of giving it on the command line.

You are looking in the right place for the gpg.conf, the default location is in c:\users\yourname\AppData\Roaming\gnupg . To be more precise, it is %APPDATA%\gnupg which resolves usually to the above nowadays.

If there is no gnupg.conf in that folder, just create it and put the options you want in there.

aheinecke · November 14, 2023, 12:30pm

Thank you for your advice, which is completely correct except for one important detail: The file is called “gpg.conf” a file with name “gnupg.conf” will have no effect!

snowman23 · November 14, 2023, 5:26pm

Thank you both @aheinecke @eebb

I created the gpg.conf and it worked !!

You guys made my day ! Thanks a ton !