AW: WINDOWS - Adding passphrase to gpg via command line

Mike Kaufmann m.kaufmann at
Wed Jun 15 08:33:20 CEST 2016

Hi Peter

Thanks for your answer!

Unfortunately I still receive the same errors when I set the passphrase param as hexstring in Windows Command Line:

ERR 67108992 Missing value <GPG Agent>
ERR 67109139 Unknown IPC command <GPG Agent>

See also the attached screenshot. Do you habe any other ideas? This tool seems not to be made for Windows OS :(


-----Ursprüngliche Nachricht-----
Von: Peter Lebbing [mailto:peter at] 
Gesendet: Montag, 13. Juni 2016 20:15
An: Mike Kaufmann <m.kaufmann at>
Cc: gnupg-users at
Betreff: Re: WINDOWS - Adding passphrase to gpg via command line

On 13/06/16 08:12, Mike Kaufmann wrote:
> Unfortunately when I start gpg-agent with the following command on 
> Windows Command Line gpg-connect-agent PRESET_PASSPHRASE "74EC3FAA93CD49446EC6825C3EBEB2C336CCBE2A" -1 "MyPassphrase"
> I receive the following errors:
> ERR 67108992 Missing value <GPG Agent> ERR 67109139 Unknown IPC 
> command <GPG Agent>

I think it's possible Werner was mistaken about the correct format of the command. Here, on Debian GNU/Linux with GnuPG 2.1.11 (Debian packages version 2.1.11-7), the correct invocation appears to be different. However, so is the error message, oddly enough.

This is the help text for PRESET_PASSPHRASE:

> $ gpg-connect-agent
> > help preset_passphrase
> # PRESET_PASSPHRASE [--inquire] <string_or_keygrip> <timeout> 
> [<hexstring>] # # Set the cached passphrase/PIN for the key identified 
> by the keygrip # to passwd for the given time, where -1 means infinite 
> and 0 means # the default (currently only a timeout of -1 is allowed, 
> which means # to never expire it).  If passwd is not provided, ask for 
> it via the # pinentry module unless --inquire is passed in which case 
> the passphrase # is retrieved from the client via a server inquire.
> OK

So it appears to take a hexstring, not a percent-escaped string. Indeed this is what happens (the passphrase is indeed "test", this is a test key, not my real key :-):

> > preset_passphrase 2F677680CA15F6F7B963AF35822E8EC01FBF840A -1 "test"
> ERR 67109144 IPC parameter error <GPG Agent> - invalid hexstring
> > preset_passphrase 2F677680CA15F6F7B963AF35822E8EC01FBF840A -1 test
> ERR 67109144 IPC parameter error <GPG Agent> - invalid hexstring

Note it explicitly complains about the format, where on your invocation it's more ambiguous. This is a bit odd, if you ask me.

Now let's write "test" as hexadecimal ASCII:

> > preset_passphrase 2F677680CA15F6F7B963AF35822E8EC01FBF840A -1 
> > 74657374
> OK

And indeed the key is unlocked for use and could be used to sign some data.

So you could try this. I don't know what utility you'd use on Windows to easily get the hexadecimal. But to get the exact required input on a system like Linux, this will do so:

> $ echo -n "MyPassphrase" | hexdump -v -e '/1 "%02X"'; echo
> 4D7950617373706872617365



PS: On your replies, could you edit the Subject:-line to remove all the repeated strings of Re: or AW:?

PPS: I've never understood, by the way, why the people who write e-mail clients that translate those headers (Reply -> Antwort) don't implement some functionality to automatically prevent the madness of repeated headers in different languages. Your system even seems to repeat when it's in the same language? Here in The Netherlands, I also see stuff like "Re: Aw: Re: Aw: Re: the subject" come by. Really annoying, IMO.

I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PresetPassphraseMissingValueGPGAgent.png
Type: image/png
Size: 20273 bytes
Desc: PresetPassphraseMissingValueGPGAgent.png
URL: </pipermail/attachments/20160615/dbf4d9cf/attachment-0001.png>

More information about the Gnupg-users mailing list