WINDOWS - Adding passphrase to gpg via command line

Peter Lebbing peter at
Mon Jun 13 20:15:02 CEST 2016

On 13/06/16 08:12, Mike Kaufmann wrote:
> Unfortunately when I start gpg-agent with the following command on Windows Command Line
> gpg-connect-agent PRESET_PASSPHRASE "74EC3FAA93CD49446EC6825C3EBEB2C336CCBE2A" -1 "MyPassphrase"
> I receive the following errors:
> ERR 67108992 Missing value <GPG Agent>
> ERR 67109139 Unknown IPC command <GPG Agent>

I think it's possible Werner was mistaken about the correct format of
the command. Here, on Debian GNU/Linux with GnuPG 2.1.11 (Debian
packages version 2.1.11-7), the correct invocation appears to be
different. However, so is the error message, oddly enough.

This is the help text for PRESET_PASSPHRASE:

> $ gpg-connect-agent 
> > help preset_passphrase
> # PRESET_PASSPHRASE [--inquire] <string_or_keygrip> <timeout> [<hexstring>]
> # 
> # Set the cached passphrase/PIN for the key identified by the keygrip
> # to passwd for the given time, where -1 means infinite and 0 means
> # the default (currently only a timeout of -1 is allowed, which means
> # to never expire it).  If passwd is not provided, ask for it via the
> # pinentry module unless --inquire is passed in which case the passphrase
> # is retrieved from the client via a server inquire.
> OK

So it appears to take a hexstring, not a percent-escaped string. Indeed
this is what happens (the passphrase is indeed "test", this is a test
key, not my real key :-):

> > preset_passphrase 2F677680CA15F6F7B963AF35822E8EC01FBF840A -1 "test"
> ERR 67109144 IPC parameter error <GPG Agent> - invalid hexstring
> > preset_passphrase 2F677680CA15F6F7B963AF35822E8EC01FBF840A -1 test
> ERR 67109144 IPC parameter error <GPG Agent> - invalid hexstring

Note it explicitly complains about the format, where on your invocation
it's more ambiguous. This is a bit odd, if you ask me.

Now let's write "test" as hexadecimal ASCII:

> > preset_passphrase 2F677680CA15F6F7B963AF35822E8EC01FBF840A -1 74657374
> OK

And indeed the key is unlocked for use and could be used to sign some data.

So you could try this. I don't know what utility you'd use on Windows to
easily get the hexadecimal. But to get the exact required input on a
system like Linux, this will do so:

> $ echo -n "MyPassphrase" | hexdump -v -e '/1 "%02X"'; echo
> 4D7950617373706872617365



PS: On your replies, could you edit the Subject:-line to remove all the
repeated strings of Re: or AW:?

PPS: I've never understood, by the way, why the people who write e-mail
clients that translate those headers (Reply -> Antwort) don't implement
some functionality to automatically prevent the madness of repeated
headers in different languages. Your system even seems to repeat when
it's in the same language? Here in The Netherlands, I also see stuff
like "Re: Aw: Re: Aw: Re: the subject" come by. Really annoying, IMO.

I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <>

More information about the Gnupg-users mailing list