FW: gpg-agent connection errors

Kent A. Larsen klarsen at neweralife.com
Fri May 22 14:24:53 CEST 2020


It is installed on the local file system of one of our internal servers, a portion of which is shared on our internal network. The server is running Windows Server 2016, and all of the clients that can access it are running Windows 10 or Windows Server 2012 R2 or higher.

FWIW, GnuPG 1.x (latest probably 1.4.20 or 21) ran flawlessly in a similar installation arrangement for almost 15 years, before we upgraded to GnuPG 2.2.19 (via gpg4win 3.1.11) as part of the migration of the server to Windows Server 2016.

As far as AV goes, a current version of ESET is running on the server, but I've already tried excluding the entire Keys subfolder (where those connection files and the keyring reside) from its scanning.

I'll have our Network Administrator look into the firewall configuration, but as Werner observed, it doesn't fail ALL the time.

Thanks.

Kent A. Larsen, FLMI
Systems Analyst
New Era/Philadelphia American Life Insurance Companies
klarsen at neweralife.com
Direct: (402) 905-2179


-----Original Message-----
From: Gnupg-users [mailto:gnupg-users-bounces at gnupg.org] On Behalf Of Werner Koch via Gnupg-users
Sent: Friday, May 22, 2020 3:49 AM
To: Ángel <angel at pgp.16bits.net>
Cc: gnupg-users at gnupg.org
Subject: Re: FW: gpg-agent connection errors


On Fri, 22 May 2020 03:18, Ángel said:

> how this AF_UNIX socket is actually implemented on Gpg4win (as a named
> pipe, perhaps?), but your issues might be related to having it on a

It is a regular file with a nonce and a port.  The server listens on
localhost:THATPORT for connections and checks that the client provides
the nonce in an initial handshake.  Now if some plain stupid firewall
software (Symantec _used_ to be one) blocks connections from localhost
to localhost things won't work.  But that can't be the problem of the OP
because it worked most of the time.

FWIW, named pipes are not used because there is no mechanism on Windows
to restrict them to the local machine.


Shalom-Salam,

   Werner

--
Thoughts are free.  Exceptions are regulated by a federal law.


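Added example (not part of the thread and not GnuPG's code): both sides of the file-plus-nonce scheme Werner describes, in Python, with a probe that tells a missing file, a malformed file, a closed loopback port and a rejected nonce apart. The file layout (ASCII port, newline, 16-byte nonce), the `OK` reply and the `S.demo-agent` name are assumptions made for the demo.

```python
import hmac, os, socket, tempfile, threading
NONCE_LEN = 16  # assumption: nonce size in libassuan's socket emulation

def parse_socket_file(path):
    # Assumed layout: ASCII port number, newline, raw nonce bytes.
    with open(path, "rb") as fh:
        head, sep, nonce = fh.read(64).partition(b"\n")
    if (not sep or not head.isdigit() or not 0 < int(head) < 65536
            or len(nonce) != NONCE_LEN):
        raise ValueError("expected port line plus %d-byte nonce" % NONCE_LEN)
    return int(head), nonce

def serve_once(listener, nonce, seen):
    # Server side: accept one connection and compare the presented nonce.
    conn, _ = listener.accept()
    with conn:
        got = conn.recv(NONCE_LEN, socket.MSG_WAITALL)
        seen.append(hmac.compare_digest(got, nonce))
        if seen[-1]:
            conn.sendall(b"OK\n")  # demo greeting, not gpg-agent's reply

def probe(path, timeout=2.0):
    # Client side: say which step of the connection fails.
    try:
        port, nonce = parse_socket_file(path)
    except FileNotFoundError:
        return "missing"
    except ValueError:
        return "invalid"
    try:
        with socket.create_connection(("127.0.0.1", port), timeout) as s:
            s.sendall(nonce)
            return "accepted" if s.recv(16) else "rejected"
    except OSError:
        return "unreachable"

def demo(stale_nonce=False):
    # Constructed scenario: loopback listener, socket file in a temp dir.
    nonce = os.urandom(NONCE_LEN)
    stored = os.urandom(NONCE_LEN) if stale_nonce else nonce
    path = os.path.join(tempfile.mkdtemp(), "S.demo-agent")
    with socket.create_server(("127.0.0.1", 0)) as listener:
        with open(path, "wb") as fh:
            fh.write(b"%d\n" % listener.getsockname()[1] + stored)
        seen = []
        t = threading.Thread(target=serve_once, args=(listener, nonce, seen))
        t.start()
        status = probe(path)
        t.join()
    return status, seen
```

The probe always connects to 127.0.0.1 of the machine it runs on, so a socket file read over a share only matches a listener on that same machine.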

