Rectify agent/client mismatch listing secret keys with forwarded agent?

I have a client at 2.3 and a gpg-agent at 2.2.27 connected via ssh remote forwarding. However I cannot list secret keys (see detail). Is there a way for me to put this client into an accessibility mode so that the older agent will recognize the IPC commands? It is very hard for me to upgrade either client or agent in this case.

$ gpg --list-secret-keys --debug lookup,ipc,filter
gpg: reading options from '[cmdline]'
gpg: enabled debug flags: filter ipc lookup
gpg: DBG: keydb_search: 1 search descriptions:
gpg: DBG: keydb_search   0: FIRST
gpg: DBG: internal_keydb_search: searching keybox (resource 0 of 1)
gpg: DBG: internal_keydb_search: searched keybox (resource 0 of 1) => Success
gpg: DBG: chan_5 <- OK Pleased to meet you, process 35850
gpg: DBG: connection to the gpg-agent established
gpg: DBG: chan_5 -> RESET
gpg: DBG: chan_5 <- OK
gpg: DBG: chan_5 -> OPTION ttyname=/dev/pts/0
gpg: DBG: chan_5 <- ERR 67109115 Forbidden <GPG Agent>
gpg: DBG: chan_5 -> GETINFO restricted
gpg: DBG: chan_5 <- OK
gpg: DBG: chan_5 -> GETINFO version
gpg: DBG: chan_5 <- D 2.2.27
gpg: DBG: chan_5 <- OK
gpg: WARNING: server 'gpg-agent' is older than us (2.2.27 < 2.3.3)
gpg: Note: Outdated servers may lack important security fixes.
gpg: Note: Use the command "gpgconf --kill all" to restart them.
gpg: DBG: chan_5 -> OPTION allow-pinentry-notify
gpg: DBG: chan_5 <- ERR 67109115 Forbidden <GPG Agent>
gpg: DBG: chan_5 -> OPTION agent-awareness=2.1.0
gpg: DBG: chan_5 <- OK
gpg: DBG: chan_5 -> HAVEKEY --list=1000
gpg: DBG: chan_5 <- ERR 67109144 IPC parameter error <GPG Agent> - invalid hexstring
gpg: problem with fast path key listing: IPC parameter error - ignored
gpg: DBG: chan_5 -> HAVEKEY <key1> <key2> <key3>
gpg: DBG: chan_5 <- ERR 67108881 No secret key <GPG Agent>
gpg: DBG: keydb_search: 1 search descriptions:
gpg: DBG: keydb_search   0: NEXT
gpg: DBG: internal_keydb_search: searching keybox (resource 0 of 1)
gpg: DBG: internal_keydb_search: searched keybox (resource 0 of 1) => EOF
gpg: secmem usage: 0/65536 bytes in 0 blocks

Sorry I don’t have a solution for your problem but you can visit the gnupg-users mailing list. Maybe someone over there knows what to do.

Thank you! I’ll ask on the list.

To make it discoverable for others:

https://lists.gnupg.org/pipermail/gnupg-users/2024-October/067351.html

1 Like