GPG keys not shared between Windows and Visual Studio Code dev container... what I'm doing wrong?

Question

As explained in Sharing GPG Keys official documentation:

• I'm running Windows and I've installed Gpg4win
• I've configured the key using the Windows GUI

Keys is listed correctly:

PS C:\Users\Me\Desktop> gpg --list-secret-keys --keyid-format=long
C:\Users\Marco\AppData\Roaming\gnupg\pubring.kbx
------------------------------------------------
sec   rsa4096/XXXXXXXXXXXXXXXX 2023-07-05 [SC]
      XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
uid                 [ultimo] Foo Bar <[email protected]>

Signing works:

PS C:\Users\Me\Desktop> echo "test" | gpg --clearsign
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

test
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEVV9Sk5sPcoW0btIkDAmJpRNphkAFAmSlI+kACgkQDAmJpRNp
hkDFSw/+M8i/RDpcUasa1NaS41OFx1BOHhAOUkr7RzwS3szJYGTJqMskZqKHnIDY
oJY6my7Uj3oaEIoXn57EZJMd37Wm1jrrMIsK67uL+1HAaBm51qx7Y4RE2JsUCxjT
On5SKtQrbqpfnyCurKCZ6gq9StEjf+xWComDj7G2ISZnlxwhxcQagIX1O5ktmn0P
Tqqnnr8uKGja20lI3dm1BjFNRJBghYE6cdl/vmYaoJ7T/5nwi+BCorOcj+ZaehUQ
Ea8zsgnhAXRXYH5RShQ7T4ALjMx0Jaq5QGb0lq36w3r2GrNGMWYC5k8x/Wvyoi1r
7uTue2AhQ7xxW1BuivTIUcsNEI3ptf2dChmGSi8yHxBtYrJhjdR7ovPaxcLYM3rN
6o1NZPr6AasRxkMNecLWFIgoBUUW1JVLhqT4AwT+DGW0/lnafDTm4bHYxVHnvYi5
Fo6QI5X43jynCyngIl8bFvp58FGEVNltGH6FwNmn0aJ4tWd9DRUdSIv5zs69p28C
D3URvYa+mZAlDsRQIMYGU05cyJqnHEUnWAgrC+saxQPnCTztVEJaxnaLHDaZnkKs
D7xtBOvfypi3X6wCiYFGdd1XBMBzTZZoQBsHa8kRv/a6+qH7qiiJc+uzDd/B3i0k
dGVafetxAHSSSV5LipUsAv9KF0X0DOFVJCuNl/alcTKsPArvb+k=
=VrEc
-----END PGP SIGNATURE-----

My dev container has gpg and gnupg2 already installed.

root@741303da2f51:/var/www/html# apt list gpg   
Listing... Done
gpg/stable,now 2.2.40-1.1 amd64 [installed,automatic]

root@741303da2f51:/var/www/html# apt list gnupg2
Listing... Done
gnupg2/stable,now 2.2.40-1.1 all [installed]

Inside the container however, nothing works. First run of gpg --list-secret-key:

root@e2af1977ecfc:/var/www/html# gpg --list-secret-key
gpg: directory '/root/.gnupg' created
gpg: keybox '/root/.gnupg/pubring.kbx' created
gpg: /root/.gnupg/trustdb.gpg: trustdb created

On subsequent run of gpg --list-secret-key, it returns nothing.

root@e2af1977ecfc:/var/www/html# echo "test" | gpg --clearsign
gpg: no default secret key: No secret key
gpg: [stdin]: clear-sign failed: No secret key

Answer 1

This is caused by Win4gpg (and GnuPG) recently moving away from kbx keyring to more performant SQLite database keyboxd by default.

With Gpg4win >4.2 all you have to do to migrate back to kbx:

C:\> gpg-disable-keyboxd

This should be all you have to do for devcontainer to pickup the keyring (don't forget to rebuild container).