Posted by michiel on

Using GnuPG 2.1.x on Windows

I use GPG, specifically GnuPG, on Arch Linux and Windows. Both OSes mount my home directory from my NAS, which contains amongst others my GPG settings and keys. Now, my Arch Linux GnuPG installation got updated from the “stable” 2.0.x series to the “modern” 2.1.x series, which seems to use a new keyring for storing keys. Now, the Windows Gpg4Win installation came with GnuPG 2.0.x, which could no longer find secret keys created under Arch Linux…

The first thing I tried to fix this was to just install GnuPG 2.1.x for Windows (you can download it from gnupg.org), rather than Gpg4win. While this could find my keys (gpg -K), it didn’t let me decrypt anything because it doesn’t ship with a pinentry program. That comes with Gpg4win. I kept getting errors like this:

PS C:\> gpg --decrypt foo.txt.gpg
gpg: encrypted with 4096-bit RSA key, ID ABCDE123, created 2015-01-01
 "Foo Bar <foo@bar.baz>"
gpg: public key decryption failed: No pinentry
gpg: decryption failed: No secret key

…until I found the following workaround:

  1. Install both GnuPG for Windows and Gpg4win.
  2. Update your system’s Path environment variable (under Control Panel -> System -> Advanced System Settings -> Environment Variables -> System Variables), and ensure that C:\Program Files (x86)\GnuPG\bin (GnuPG) comes before C:\Program Files (x86)\GNU\GnuPG\pub (Gpg4win).
    • If you didn’t choose the default installation destinations, you need to take that into account of course.
  3. Kill any running gpg-agent.exe processes (just use the Windows Task Manager’s Processes tab)
  4. Run: gpg-agent.exe --pinentry-program 'C:\Program Files (x86)\GNU\GnuPG\pinentry-qt4.exe' --daemon
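
Steps 2 to 4 as one PowerShell script, added here as an example and not part of the original post. It assumes the default install paths named above; the per-binary version listing and the final `--no-autostart` check are additions that confirm which gpg.exe the Path resolves to and that an agent is actually answering.

```powershell
# Added example. Paths are the default install locations named in the post;
# adjust them if you installed elsewhere.
$gnupgBin = 'C:\Program Files (x86)\GnuPG\bin'                    # GnuPG 2.1.x
$pinentry = 'C:\Program Files (x86)\GNU\GnuPG\pinentry-qt4.exe'   # shipped with Gpg4win

# Step 2 check: list every gpg.exe on Path in resolution order (the first one wins)
# and print the version banner of each so a stale 2.0.x binary is easy to spot.
$candidates = @(Get-Command gpg.exe -All -CommandType Application -ErrorAction SilentlyContinue)
if ($candidates.Count -eq 0) { throw 'No gpg.exe found on Path.' }
foreach ($c in $candidates) {
    $banner = & $c.Path --version | Select-Object -First 1
    '{0}  ->  {1}' -f $c.Path, $banner
}

$firstDir = (Split-Path -Parent $candidates[0].Path).TrimEnd('\')
if ($firstDir -ine $gnupgBin) {
    throw "Path resolves gpg.exe to '$firstDir'; expected '$gnupgBin' to come first."
}
if (-not (Test-Path -LiteralPath $pinentry -PathType Leaf)) {
    throw "pinentry program not found at '$pinentry'."
}

# Step 3: stop any agent that is still running (it may be the 2.0.x one).
Get-Process -Name gpg-agent -ErrorAction SilentlyContinue | Stop-Process -Force

# Step 4: start the 2.1.x agent with the Gpg4win pinentry. Start-Process keeps
# the shell usable whether or not the agent detaches from the console.
Start-Process -FilePath (Join-Path $gnupgBin 'gpg-agent.exe') `
    -ArgumentList '--pinentry-program', "`"$pinentry`"", '--daemon' `
    -WindowStyle Hidden
Start-Sleep -Seconds 2

# Verify: ask the running agent for its version. --no-autostart makes this fail
# instead of silently launching a fresh agent without the pinentry setting.
& (Join-Path $gnupgBin 'gpg-connect-agent.exe') --no-autostart 'getinfo version' /bye
if ($LASTEXITCODE -ne 0) { throw 'gpg-agent is not answering.' }
```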

Now you can use gpg from PowerShell as before (e.g. gpg --decrypt mypasswords.txt.gpg | select-string google.com).

This workaround doesn’t make Kleopatra use the new GnuPG version, but at least the command line works again. If anyone knows how to get Kleopatra (and ideally the other tools that come with Gpg4win) to use the new GnuPG version, please do leave a comment.

Update on 20 June 2016: Added adjustments I had to make after a restart.


Comments ( 3 )

  1. Denver
    Any thoughts on getting Kleopatra to work with 2.1?
  2. Mpls
    Interesting workaround. I've been researching a similar setup. The Gpg4win 3.0 beta would seem to be a better base since it utilizes the gpg 2.1/modern branch (2.1.15 to be exact.) Presumably it's just the GUI components that are in beta since it's running cmd-line gpg2 under the hood. As of this writing, GnuPG is at 2.1.17, so there's a bit of lag. But according to the current Gpg4win roadmap, 3.0 is due to go production some time this quarter (2017, Q1). Aside from Kleopatra and GPA, there's another Windows front-end available called WinGPG. Their site doesn't seem to offer any documentation, but I downloaded the portable version and found that it uses gpg 2.1.9. And with the portable version, it might be trivial to simply replace the binaries with the latest versions from gnupg.org.
    • michiel (Author)
      Yeah, I agree - I think Gpg4win 3.0 will be the way to go once it's released, and I'm looking forward to the release. I don't know exactly which parts of it are considered beta, but the beta release notes mention some known bugs, perhaps those are responsible for the beta status. Thanks for pointing out WinGPG, I wasn't aware of it!