GPG4Win version matching with Linux GPG

I understand that my use case is very unusual and I’m probably doing at least one thing that’s going to make people cringe, but I have a specific need for GPG use in a specific way and I’m stuck on how to proceed.

I’ll preface this by saying I did have it working at one time, but updates to GPG seem to have broken it and I’m not sure what my next steps should be. I suspect I need to change revisions of GPG4Win, but I’m not 100% sure, thus I’m going to ask.

So, here’s the situation.

I develop software on a combination of Windows and Linux via WSL2. I’m using a socket proxy called “wsl2-ssh-pageant” to make the gpg-agent running on Windows accessible to the WSL2 Linux install (running Arch Linux) so that Git can do the code signing via my Yubikey.

I can currently confirm that I can use “socat - UNIX-CONNECT:/home/firehawke/.gnupg/S.gpg-agent” to actually talk to the gpg-agent running in Windows from the Linux shell. The problem comes when I try to actually connect to the Agent using GPG itself.

Doing “gpg --card-status” gives me:

gpg: can’t connect to the agent: End of file
gpg: OpenPGP card not available: No agent running

after which point it starts gpg-agent and further attempts to do card status give:

gpg: selecting card failed: No such device
gpg: OpenPGP card not available: No such device

…and it then overwrites the proxy socket file with the GPG-Agent on the Linux side.

Doing “gpg --version” provides me with…
gpg (GnuPG) 2.2.40

and I suspect there might’ve been a protocol change since that version came out, but I don’t know enough about GPG4Win’s history to be able to say for sure. Assuming this is just a case of incompatible versions, what version do I need to go back to in order to get the two sides talking again?

I’m aware that downgrading is considered a bad idea in general, but I don’t think I have any real choice in the matter if I want to get my work done without migrating literally everything to Windows (which I can do but choose not to for multiple reasons).

Oh, and just to be clear: GPG4Win sees and works just fine with the card. I can --card-status from the command line and get full details on my Yubikey, as well as code sign. It’s only the proxy side where things break.

Any ideas? Any leads? Any hope at all?

Hi John,

for diagnostic purposes you could try Gpg4win 3.1.16 and see if this has a different behaviour. (See https://www.gpg4win.de/change-history-de.html for the history and be warned that old versions can have defects).

If it really is a version mismatch you could try building a more modern GnuPG version on Arch GNU/Linux yourself manually. (It is not that hard, but of course it is uncomfortable.)

Another idea would be to ask on the gnupg-users@ mailing list or check the dev.gnupg.org tracker if you’ll find something.

Best Regards,
Bernhard

I doubt that the version mismatch is really the problem here (but I do not know what else the problem is).

For the record I want to mention that the Gpg4win repo nowadays also contains scripts to compile an AppImage with Kleopatra and GnuPG in the same version as published in Gpg4win. This is provided for download under: https://gnupg.org/download/index.html in the binary releases section.