issue with encryption and multiple keys

hello there, i was wondering if you can help

i’m running the latest version of gpg4win

i set up 3 keys to use with 3 different providers and transfer files via FTP

2 certificates are certified within kleopatra using the third one - main

i’m using a bat file to encrypt the file before the SFTP transmission using the 3rd certificate (certified with the main one with its own passphrase)

i’m using this command line in the bat file

gpg.exe --pinentry-mode=loopback --batch --sign --passphrase

the bat file doesn’t work returning

gpg: signing failed: Bad passphrase
gpg: signing failed: Bad passphrase

(as it is, twice)

the only way i can consistently get it to work is if i reinstall gpg4win (on top) and recertify the keys: the process works a few times before breaking again

any idea what’s going on and how i can get around it?

i think gpg is getting confused on which key to use and tries to use the default one

is there a way for me to explicitly tell it what key to use in the command line?

encryption works fine if i use the gui and the correct passphrase

any help is appreciated at this point :slight_smile:

thank you

here’s the log if it helps

gpg: Note: no default option file ‘C:/Users/sftpadmin/AppData/Roaming/gnupg/gpg.conf’
gpg: enabled debug flags: packet mpi crypto filter iobuf memory cache memstat trust hashing ipc clock lookup extprog
gpg: DBG: [not enabled in the source] start
gpg: DBG: chan_0x000001d4 ← OK Pleased to meet you
gpg: DBG: connection to agent established
gpg: DBG: chan_0x000001d4 → RESET
gpg: DBG: chan_0x000001d4 ← OK
gpg: DBG: chan_0x000001d4 → GETINFO version
gpg: DBG: chan_0x000001d4 ← D 2.2.23
gpg: DBG: chan_0x000001d4 ← OK
gpg: DBG: chan_0x000001d4 → OPTION allow-pinentry-notify
gpg: DBG: chan_0x000001d4 ← OK
gpg: DBG: chan_0x000001d4 → OPTION agent-awareness=2.1.0
gpg: DBG: chan_0x000001d4 ← OK
gpg: DBG: chan_0x000001d4 → OPTION pinentry-mode=loopback
gpg: DBG: chan_0x000001d4 ← OK
gpg: DBG: chan_0x000001d4 → SCD SERIALNO
gpg: DBG: chan_0x000001d4 ← ERR 100xxxxx No such device
gpg: DBG: [not enabled in the source] keydb_new
gpg: DBG: [not enabled in the source] keydb_search enter
gpg: DBG: keydb_search: 1 search descriptions:
gpg: DBG: keydb_search 0: FIRST
gpg: DBG: keydb_search: searching keybox (resource 0 of 1)
gpg: DBG: [not enabled in the source] keydb_new
gpg: DBG: [not enabled in the source] keydb_search enter
gpg: DBG: keydb_search: 1 search descriptions:
gpg: DBG: keydb_search 0: LONG_KID: ‘6274xxxxxxxxx’
gpg: DBG: keydb: kid_not_found_p (6274xxxxxbxxxxx) => indeterminate
gpg: DBG: keydb_search: searching keybox (resource 0 of 1)
gpg: DBG: keydb_search: searched keybox (resource 0 of 1) => Success
gpg: DBG: [not enabled in the source] keydb_search leave (found)
gpg: DBG: [not enabled in the source] keydb_get_keybock enter
gpg: DBG: parse_packet(iob=1): type=6 length=523 (parse./home/wk/b/gnupg-2.2/dist/PLAY-release/gnupg-w32-2.2.23/g10/keydb.c.1255)
gpg: DBG: parse_packet(iob=1): type=12 length=12 (parse./home/wk/b/gnupg-2.2/dist/PLAY-release/gnupg-w32-2.2.23/g10/keydb.c.1255)
gpg: DBG: parse_packet(iob=1): type=13 length=70 (parse./home/wk/b/gnupg-2.2/dist/PLAY-release/gnupg-w32-2.2.23/g10/keydb.c.1255)
gpg: DBG: parse_packet(iob=1): type=12 length=12 (parse./home/wk/b/gnupg-2.2/dist/PLAY-release/gnupg-w32-2.2.23/g10/keydb.c.1255)
gpg: DBG: parse_packet(iob=1): type=2 length=565 (parse./home/wk/b/gnupg-2.2/dist/PLAY-release/gnupg-w32-2.2.23/g10/keydb.c.1255)
gpg: DBG: parse_packet(iob=1): type=12 length=6 (parse./home/wk/b/gnupg-2.2/dist/PLAY-release/gnupg-w32-2.2.23/g10/keydb.c.1255)
gpg: DBG: parse_packet(iob=1): type=2 length=589 (parse./home/wk/b/gnupg-2.2/dist/PLAY-release/gnupg-w32-2.2.23/g10/keydb.c.1255)
gpg: DBG: parse_packet(iob=1): type=12 length=6 (parse./home/wk/b/gnupg-2.2/dist/PLAY-release/gnupg-w32-2.2.23/g10/keydb.c.1255)
gpg: DBG: parse_packet(iob=1): type=14 length=523 (parse./home/wk/b/gnupg-2.2/dist/PLAY-release/gnupg-w32-2.2.23/g10/keydb.c.1255)
gpg: DBG: parse_packet(iob=1): type=2 length=546 (parse./home/wk/b/gnupg-2.2/dist/PLAY-release/gnupg-w32-2.2.23/g10/keydb.c.1255)
gpg: DBG: parse_packet(iob=1): type=12 length=6 (parse./home/wk/b/gnupg-2.2/dist/PLAY-release/gnupg-w32-2.2.23/g10/keydb.c.1255)
gpg: DBG: iobuf-1.0: underflow: buffer size: 2885; still buffered: 0 => space for 2885 bytes
gpg: DBG: iobuf-1.0: close ‘?’
gpg: DBG: [not enabled in the source] keydb_get_keyblock leave
gpg: DBG: finish_lookup: checking key FB2xxxxx (all)(req_usage=0)
gpg: DBG: using key FB2Exxxx
gpg: using pgp trust model
gpg: DBG: free_packet() type=6
gpg: DBG: free_packet() type=13
gpg: DBG: free_packet() type=2
gpg: DBG: free_packet() type=2
gpg: DBG: free_packet() type=14
gpg: DBG: free_packet() type=2
gpg: DBG: keydb_search: searched keybox (resource 0 of 1) => Success
gpg: DBG: [not enabled in the source] keydb_search leave (found)
gpg: DBG: [not enabled in the source] keydb_get_keybock enter
gpg: DBG: parse_packet(iob=2): type=6 length=523 (parse./home/wk/b/gnupg-2.2/dist/PLAY-release/gnupg-w32-2.2.23/g10/keydb.c.1255)
gpg: DBG: parse_packet(iob=2): type=12 length=12 (parse./home/wk/b/gnupg-2.2/dist/PLAY-release/gnupg-w32-2.2.23/g10/keydb.c.1255)
gpg: DBG: parse_packet(iob=2): type=13 length=70 (parse./home/wk/b/gnupg-2.2/dist/PLAY-release/gnupg-w32-2.2.23/g10/keydb.c.1255)
gpg: DBG: parse_packet(iob=2): type=12 length=12 (parse./home/wk/b/gnupg-2.2/dist/PLAY-release/gnupg-w32-2.2.23/g10/keydb.c.1255)
gpg: DBG: parse_packet(iob=2): type=2 length=565 (parse./home/wk/b/gnupg-2.2/dist/PLAY-release/gnupg-w32-2.2.23/g10/keydb.c.1255)
gpg: DBG: parse_packet(iob=2): type=12 length=6 (parse./home/wk/b/gnupg-2.2/dist/PLAY-release/gnupg-w32-2.2.23/g10/keydb.c.1255)
gpg: DBG: parse_packet(iob=2): type=2 length=589 (parse./home/wk/b/gnupg-2.2/dist/PLAY-release/gnupg-w32-2.2.23/g10/keydb.c.1255)
gpg: DBG: parse_packet(iob=2): type=12 length=6 (parse./home/wk/b/gnupg-2.2/dist/PLAY-release/gnupg-w32-2.2.23/g10/keydb.c.1255)
gpg: DBG: parse_packet(iob=2): type=14 length=523 (parse./home/wk/b/gnupg-2.2/dist/PLAY-release/gnupg-w32-2.2.23/g10/keydb.c.1255)
gpg: DBG: parse_packet(iob=2): type=2 length=546 (parse./home/wk/b/gnupg-2.2/dist/PLAY-release/gnupg-w32-2.2.23/g10/keydb.c.1255)
gpg: DBG: parse_packet(iob=2): type=12 length=6 (parse./home/wk/b/gnupg-2.2/dist/PLAY-release/gnupg-w32-2.2.23/g10/keydb.c.1255)
gpg: DBG: iobuf-2.0: underflow: buffer size: 2885; still buffered: 0 => space for 2885 bytes
gpg: DBG: iobuf-2.0: close ‘?’
gpg: DBG: [not enabled in the source] keydb_get_keyblock leave
gpg: DBG: get_keygrip for public key
gpg: DBG: keygrip= 5D DB 92 xxxxxx xxxxxxxxxxxxxxxxxx
gpg: DBG: get_keygrip for public key
gpg: DBG: keygrip= 5B AE 3D xxxxxxxxxxxxxxxxxxxxxxxxx
gpg: DBG: chan_0x000001d4 → HAVEKEY 5DDB9xxxxxxxxxxxxxxxxxxxxxxxxxx 5BAE3Dxxxxxxxxxxxxxxxxxxxxx
gpg: DBG: chan_0x000001d4 ← ERR 6710xxxxxx No secret key
gpg: DBG: free_packet() type=6
gpg: DBG: free_packet() type=13
gpg: DBG: free_packet() type=2
gpg: DBG: free_packet() type=2
gpg: DBG: free_packet() type=14
gpg: DBG: free_packet() type=2
gpg: DBG: [not enabled in the source] keydb_search enter
gpg: DBG: keydb_search: 1 search descriptions:
gpg: DBG: keydb_search 0: NEXT
gpg: DBG: keydb_search: searching keybox (resource 0 of 1)
gpg: DBG: [not enabled in the source] keydb_new
gpg: DBG: [not enabled in the source] keydb_search enter
gpg: DBG: keydb_search: 1 search descriptions:
gpg: DBG: keydb_search 0: LONG_KID: ‘367xxxxxxxxx’
gpg: DBG: keydb: kid_not_found_p (367131b8xxxxxx) => indeterminate
gpg: DBG: keydb_search: searching keybox (resource 0 of 1)
gpg: DBG: keydb_search: searched keybox (resource 0 of 1) => Success
gpg: DBG: [not enabled in the source] keydb_search leave (found)
gpg: DBG: [not enabled in the source] keydb_get_keybock enter
gpg: DBG: parse_packet(iob=3): type=6 length=525 (parse./home/wk/b/gnupg-2.2/dist/PLAY-release/gnupg-w32-2.2.23/g10/keydb.c.1255)
gpg: DBG: parse_packet(iob=3): type=12 length=12 (parse./home/wk/b/gnupg-2.2/dist/PLAY-release/gnupg-w32-2.2.23/g10/keydb.c.1255)
gpg: DBG: parse_packet(iob=3): type=13 length=40 (parse./home/wk/b/gnupg-2.2/dist/PLAY-release/gnupg-w32-2.2.23/g10/keydb.c.1255)
gpg: DBG: parse_packet(iob=3): type=12 length=12 (parse./home/wk/b/gnupg-2.2/dist/PLAY-release/gnupg-w32-2.2.23/g10/keydb.c.1255)
gpg: DBG: parse_packet(iob=3): type=2 length=590 (parse./home/wk/b/gnupg-2.2/dist/PLAY-release/gnupg-w32-2.2.23/g10/keydb.c.1255)
gpg: DBG: parse_packet(iob=3): type=12 length=6 (parse./home/wk/b/gnupg-2.2/dist/PLAY-release/gnupg-w32-2.2.23/g10/keydb.c.1255)
gpg: DBG: parse_packet(iob=3): type=14 length=525 (parse./home/wk/b/gnupg-2.2/dist/PLAY-release/gnupg-w32-2.2.23/g10/keydb.c.1255)
gpg: DBG: parse_packet(iob=3): type=2 length=566 (parse./home/wk/b/gnupg-2.2/dist/PLAY-release/gnupg-w32-2.2.23/g10/keydb.c.1255)
gpg: DBG: parse_packet(iob=3): type=12 length=6 (parse./home/wk/b/gnupg-2.2/dist/PLAY-release/gnupg-w32-2.2.23/g10/keydb.c.1255)
gpg: DBG: iobuf-3.0: underflow: buffer size: 2304; still buffered: 0 => space for 2304 bytes
gpg: DBG: iobuf-3.0: close ‘?’
gpg: DBG: [not enabled in the source] keydb_get_keyblock leave
gpg: DBG: finish_lookup: checking key 0CDF1xxxx (all)(req_usage=0)
gpg: DBG: using key 0CDF1821
gpg: DBG: free_packet() type=6
gpg: DBG: free_packet() type=13
gpg: DBG: free_packet() type=2
gpg: DBG: free_packet() type=14
gpg: DBG: free_packet() type=2
gpg: DBG: keydb_search: searched keybox (resource 0 of 1) => Success
gpg: DBG: [not enabled in the source] keydb_search leave (found)
gpg: DBG: [not enabled in the source] keydb_get_keybock enter
gpg: DBG: parse_packet(iob=4): type=6 length=525 (parse./home/wk/b/gnupg-2.2/dist/PLAY-release/gnupg-w32-2.2.23/g10/keydb.c.1255)
gpg: DBG: parse_packet(iob=4): type=12 length=12 (parse./home/wk/b/gnupg-2.2/dist/PLAY-release/gnupg-w32-2.2.23/g10/keydb.c.1255)
gpg: DBG: parse_packet(iob=4): type=13 length=40 (parse./home/wk/b/gnupg-2.2/dist/PLAY-release/gnupg-w32-2.2.23/g10/keydb.c.1255)
gpg: DBG: parse_packet(iob=4): type=12 length=12 (parse./home/wk/b/gnupg-2.2/dist/PLAY-release/gnupg-w32-2.2.23/g10/keydb.c.1255)
gpg: DBG: parse_packet(iob=4): type=2 length=590 (parse./home/wk/b/gnupg-2.2/dist/PLAY-release/gnupg-w32-2.2.23/g10/keydb.c.1255)
gpg: DBG: parse_packet(iob=4): type=12 length=6 (parse./home/wk/b/gnupg-2.2/dist/PLAY-release/gnupg-w32-2.2.23/g10/keydb.c.1255)
gpg: DBG: parse_packet(iob=4): type=14 length=525 (parse./home/wk/b/gnupg-2.2/dist/PLAY-release/gnupg-w32-2.2.23/g10/keydb.c.1255)
gpg: DBG: parse_packet(iob=4): type=2 length=566 (parse./home/wk/b/gnupg-2.2/dist/PLAY-release/gnupg-w32-2.2.23/g10/keydb.c.1255)
gpg: DBG: parse_packet(iob=4): type=12 length=6 (parse./home/wk/b/gnupg-2.2/dist/PLAY-release/gnupg-w32-2.2.23/g10/keydb.c.1255)
gpg: DBG: iobuf-4.0: underflow: buffer size: 2304; still buffered: 0 => space for 2304 bytes
gpg: DBG: iobuf-4.0: close ‘?’
gpg: DBG: [not enabled in the source] keydb_get_keyblock leave
gpg: DBG: get_keygrip for public key
gpg: DBG: keygrip= 2D 30 C4 xxxxxxxxxxx xxxxxxxxxx@xxxxxxx
gpg: DBG: get_keygrip for public key
gpg: DBG: keygrip= 17 20 41 xxxxxxxxxxxxxxxxxxxxxxxxxx@xxxxxxx
gpg: DBG: chan_0x000001d4 → HAVEKEY 2D30C4xxxxxxxxxxxxxxxxxxxx 17204xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
gpg: DBG: chan_0x000001d4 ← OK
gpg: DBG: finish_lookup: checking key 0CDxxxxx (all)(req_usage=1)
gpg: DBG: checking subkey 2348xxxx
gpg: DBG: usage does not match: want=1 have=2
gpg: DBG: no suitable subkeys found - trying primary
gpg: DBG: primary key may be used
gpg: DBG: using key 0CDFxxxx
gpg: DBG: cache_user_id: already in cache
gpg: DBG: free_packet() type=6
gpg: DBG: free_packet() type=13
gpg: DBG: free_packet() type=2
gpg: DBG: free_packet() type=14
gpg: DBG: free_packet() type=2
gpg: DBG: fd_cache_open (PATH|FILE) not cached
gpg: DBG: iobuf-5.0: open ‘PATH|FILE’ desc=file_filter(fd) fd=488
gpg: DBG: fd_cache_invalidate (PATH|FILE.gpg)
gpg: DBG: iobuf-6.0: open ‘PATH|FILE.gpg’ desc=file_filter(fd) fd=496
gpg: writing to ‘PATH|FILE.gpg’
gpg: DBG: iobuf-6.0: ioctl ‘file_filter(fd)’ no_cache=1
gpg: DBG: get_keygrip for public key
gpg: DBG: keygrip= 2D 30 C4 xxxxxxxx xxxxxxxxxxxxxxxx
gpg: DBG: chan_0x000001d4 → KEYINFO 2D30C4xxxxxxxxxxxxxxxxxxxxx
gpg: DBG: chan_0x000001d4 ← S KEYINFO 2D30C4xxxxxxxxxxxxx x - x - x - x -
gpg: DBG: chan_0x000001d4 ← OK
gpg: DBG: iobuf-5.1: push ‘md_filter’
gpg: DBG: iobuf chain: 5.1 ‘md_filter’ filter_eof=0 start=0 len=0
gpg: DBG: iobuf chain: 5.0 ‘file_filter(fd)’ filter_eof=0 start=0 len=0
gpg: DBG: iobuf-6.1: push ‘compress_filter’
gpg: DBG: iobuf chain: 6.1 ‘compress_filter’ filter_eof=0 start=0 len=0
gpg: DBG: iobuf chain: 6.0 ‘file_filter(fd)’ filter_eof=0 start=0 len=0
gpg: DBG: build_packet() type=4
gpg: DBG: free_packet() type=4
gpg: DBG: build_packet() type=11
gpg: DBG: iobuf-5.1: underflow: buffer size: 8192; still buffered: 0 => space for 8192 bytes
gpg: DBG: iobuf-5.1: underflow: A->FILTER (8192 bytes)
gpg: DBG: iobuf-5.0: underflow: buffer size: 8192; still buffered: 0 => space for 8192 bytes
gpg: DBG: iobuf-5.0: underflow: A->FILTER (8192 bytes)
gpg: DBG: iobuf-5.0: A->FILTER() returned rc=0 (ok), read 194 bytes
gpg: DBG: iobuf-5.0: underflow: buffer size: 8192; still buffered: 0 => space for 8192 bytes
gpg: DBG: iobuf-5.0: underflow: A->FILTER (8192 bytes)
gpg: DBG: iobuf-5.0: A->FILTER() returned rc=-1 (EOF), read 0 bytes
gpg: DBG: PATH|FILE: close fd/handle 488
gpg: DBG: fd_cache_close (PATH|FILE) new slot created
gpg: DBG: iobuf-5.1: A->FILTER() returned rc=0 (ok), read 194 bytes
gpg: DBG: iobuf-5.1: underflow: buffer size: 8192; still buffered: 0 => space for 8192 bytes
gpg: DBG: iobuf-5.1: underflow: A->FILTER (8192 bytes)
gpg: DBG: iobuf-5.0: underflow: buffer size: 8192; still buffered: 0 => space for 8192 bytes
gpg: DBG: iobuf-5.0: underflow: eof (pending eof)
gpg: DBG: iobuf-5.1: A->FILTER() returned rc=-1 (EOF), read 0 bytes
gpg: DBG: iobuf-5.1: pop in underflow (nothing buffered, got EOF)
gpg: DBG: iobuf chain: 5.0 ‘?’ filter_eof=0 start=0 len=0
gpg: DBG: iobuf-5.0: underflow: buffer size: 8192; still buffered: 0 => space for 8192 bytes
gpg: DBG: free_packet() type=11
gpg: DBG: get_keygrip for public key
gpg: DBG: keygrip= 2D 30 C4 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
gpg: DBG: chan_0x000001d4 → RESET
gpg: DBG: chan_0x000001d4 ← OK
gpg: DBG: chan_0x000001d4 → SIGKEY 2D30C4xxxxxxxxxxxxxxxxxxxxxxxxxxx
gpg: DBG: chan_0x000001d4 ← OK
gpg: DBG: chan_0x000001d4 → SETKEYDESC Please+enter+the+passphrase+to+unlock+the+OpenPGP+secret+key:%0A%22+xxxxxxxxxx@xxxxxxx.com%22%0A4096-bit+RSA+key,+ID+3671xxxxxxxxx,%0Acreated+2020-xx-xx.%0A
gpg: DBG: chan_0x000001d4 ← OK
gpg: DBG: chan_0x000001d4 → SETHASH 8 4C39Cxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
gpg: DBG: chan_0x000001d4 ← OK
gpg: DBG: chan_0x000001d4 → PKSIGN
gpg: DBG: chan_0x000001d4 ← S INQUIRE_MAXLEN 255
gpg: DBG: chan_0x000001d4 ← INQUIRE PASSPHRASE
gpg: DBG: chan_0x000001d4 → D
gpg: DBG: chan_0x000001d4 → END
gpg: DBG: chan_0x000001d4 ← ERR 671xxxxxxxxx Bad passphrase
gpg: signing failed: Bad passphrase
gpg: DBG: build_packet() type=8
gpg: DBG: enter deflate: avail_in=224, avail_out=8192, flush=0
gpg: DBG: leave deflate: avail_in=0, avail_out=8192, n=0, zrc=0
gpg: DBG: iobuf-6.1: close ‘compress_filter’
gpg: DBG: enter deflate: avail_in=0, avail_out=8192, flush=4
gpg: DBG: leave deflate: avail_in=0, avail_out=8051, n=141, zrc=1
gpg: DBG: iobuf-6.0: close ‘file_filter(fd)’
gpg: DBG: PATH|FILE.gpg: close fd/handle 496
gpg: DBG: fd_cache_close (496) real
gpg: DBG: iobuf-5.0: close ‘?’
gpg: signing failed: Bad passphrase
gpg: DBG: [not enabled in the source] stop
gpg: keydb: handles=3 locks=0 parse=4 get=4
gpg: build=0 update=0 insert=0 delete=0
gpg: reset=0 found=4 not=0 cache=0 not=0
gpg: kid_not_found_cache: count=0 peak=0 flushes=0
gpg: sig_cache: total=6 cached=6 good=6 bad=0
gpg: random usage: poolsize=600 mixed=1 polls=0/4 added=77/916
outmix=0 getlvl1=0/0 getlvl2=0/0
gpg: rndjent stat: collector=0x00000000 calls=0 bytes=0
gpg: secmem usage: 1376/32768 bytes in 3 blocks

Hi Tiita,

check out using the parameter “--default-key” to explicitly set a key to use.
(Maybe “--encrypt-to” is also interesting, to additionally encrypt to the right one of your several keys.)

Best,
Bernhard

YEY! amazing

that was it!

here’s the working code, if anyone is interested or will need it in the future

gpg.exe --pinentry-mode=loopback --batch --default-key --sign --passphrase <PATH\FILE>

Thank you for your help :slight_smile:
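
A fuller batch wrapper for the fix discussed in this thread, as an added example that is not code from any of the posters: it pins the signing key with --default-key, reads the passphrase from a file instead of the command line (where it is visible in the process list and in the .bat itself), and stops before any upload step if gpg fails. The fingerprint, the passphrase file path and the output naming are placeholders and assumptions.

```bat
@echo off
setlocal
rem Added example. SIGN_KEY and PASS_FILE are placeholders: replace before use.
rem Use the full fingerprint so the choice does not depend on keybox order.
set "SIGN_KEY=REPLACE_WITH_SIGNING_KEY_FINGERPRINT"
rem Hypothetical path. Restrict its ACL to the account that runs this job.
set "PASS_FILE=C:\secure\sftp-sign.pass"
set "INFILE=%~1"

if not exist "%INFILE%" (
  echo usage: %~nx0 FILE 1>&2
  exit /b 2
)

rem Fail early if this profile has no secret key for the pinned fingerprint.
gpg.exe --batch --list-secret-keys "%SIGN_KEY%" >nul 2>&1
if errorlevel 1 (
  echo no secret key available for %SIGN_KEY% 1>&2
  exit /b 3
)

rem --default-key selects the signing key explicitly.
rem --passphrase-file reads only the first line of the file.
gpg.exe --batch --yes --pinentry-mode=loopback ^
  --default-key "%SIGN_KEY%" ^
  --passphrase-file "%PASS_FILE%" ^
  --output "%INFILE%.gpg" --sign "%INFILE%"
if errorlevel 1 (
  rem Remove any partial output so a later upload step cannot pick it up.
  if exist "%INFILE%.gpg" del "%INFILE%.gpg"
  echo gpg signing failed for %INFILE% 1>&2
  exit /b 1
)

echo signed %INFILE% with %SIGN_KEY%
exit /b 0
```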