Size: 1983
Comment: typo fix
|
Size: 2160
Comment: Remark that gpgms does not work either
|
Deletions are marked like this. | Additions are marked like this. |
Line 21: | Line 21: |
Unfortunately, Gnome Keyring's implementation of the protocol is incomplete. Thus although many operations work, | Unfortunately, Gnome Keyring's implementation of that internal GnuPG protocol is incomplete. Thus although many operations work, |
Line 32: | Line 32: |
It is also not possible to use gpgsm (the S/MIME part of GnuPG) and the bug makes it easier to brute-force a passphrase (300 times on a 4 year old laptop). |
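Review bot: the added sentence at Line 32 leaves "300 times" ambiguous: it does not say whether that is 300 times faster, 300 attempts per second, or measured against which baseline, and no source for the measurement is given. Suggest stating what the factor compares (speed relative to a normal gpg-agent, or attempts per second) and linking the report the figure comes from.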
Some versions of Gnome Keyring hijack the connection to gpg-agent (they insert themselves as a man-in-the-middle between gpg/gpgsm and gpg-agent) by setting the GPG_AGENT_INFO environment variable to point to Gnome Keyring itself. Gnome Keyring then filters all communication with gpg-agent.
For Ubuntu this is the distribution default, see PlatformNotes.
gpg (since version TODO) detects this and issues the following warning:
gpg: WARNING: The GNOME keyring manager hijacked the GnuPG agent.
gpg: WARNING: GnuPG will not work properly - please configure that tool to not interfere with the GnuPG system!
Both the GnuPG developers and the Gnome Keyring developers have written about the issue. The motivation for hijacking the connection is that Gnome Keyring wants to:
- provide a pretty dialog for requesting the user's passphrase
- save the user's passphrase in Gnome Keyring's storage so that the user does not need to enter the passphrase.
Unfortunately, Gnome Keyring's implementation of that internal GnuPG protocol is incomplete. Although many operations work, some do not; in particular, working with smart cards results in errors that look like this:
$ echo | gpg2 --sign
gpg: WARNING: The GNOME keyring manager hijacked the GnuPG agent.
gpg: WARNING: GnuPG will not work properly - please configure that tool to not interfere with the GnuPG system!
gpg: selecting openpgp failed: Unsupported certificate
gpg: signing failed: Unsupported certificate
It is also not possible to use gpgsm (the S/MIME part of GnuPG), and the bug makes it easier to brute-force a passphrase (300 times on a 4-year-old laptop).
The easiest way to avoid this problem is to uninstall Gnome Keyring. If that is not an option, it is possible to prevent Gnome Keyring from hijacking gpg-agent.
- For Gnome on Debian, see this blog post by Simon Josefsson.
- For a general solution, see this blog post by Gniibe.
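The hijack described above works by pointing GPG_AGENT_INFO at Gnome Keyring's own socket and process. As an added example (not from this wiki page and not GnuPG's own code), the POSIX sh script below parses the classic GPG_AGENT_INFO value (assumed format `socket:pid:protocol`) and reports whether the process behind it is really gpg-agent, using the Linux /proc filesystem; the proc root is a parameter so the check can be exercised against a constructed tree.

```shell
#!/bin/sh
# Added example, not from the GnuPG wiki. Assumes the classic GPG_AGENT_INFO
# format "<socket path>:<pid>:<protocol version>" and a Linux-style /proc
# tree where /proc/<pid>/comm holds the process's command name.

# Split "<socket>:<pid>:<proto>" into the globals sock, pid and proto.
# Returns 1 when the value does not have two colon-separated fields after
# the socket path or the pid is not numeric.
parse_agent_info() {
    info="$1"
    sock="${info%%:*}"
    rest="${info#*:}"
    pid="${rest%%:*}"
    proto="${rest#*:}"
    [ -n "$sock" ] && [ "$rest" != "$info" ] && [ "$proto" != "$rest" ] || return 1
    case "$pid" in ''|*[!0-9]*) return 1 ;; esac
    return 0
}

# check_agent <GPG_AGENT_INFO value> [proc root]
# Prints one verdict word and returns 0 only for "ok":
#   ok        - the pid in GPG_AGENT_INFO belongs to a process named gpg-agent
#   hijacked  - the pid belongs to some other process (e.g. a keyring daemon)
#   missing   - no readable comm entry for that pid (stale or bogus pid)
#   malformed - the value does not parse
check_agent() {
    procroot="${2:-/proc}"
    parse_agent_info "$1" || { echo malformed; return 1; }
    [ -r "$procroot/$pid/comm" ] || { echo missing; return 1; }
    comm=$(cat "$procroot/$pid/comm")
    case "$comm" in
        gpg-agent) echo ok; return 0 ;;
        *)         echo hijacked; return 1 ;;
    esac
}

# When run interactively, report on the current environment (if the
# variable is set at all).
if [ -n "${GPG_AGENT_INFO:-}" ]; then
    check_agent "$GPG_AGENT_INFO"
fi
```

A "hijacked" verdict is the condition gpg's own "GNOME keyring manager hijacked the GnuPG agent" warning reports; this script only lets you confirm it from a shell without invoking gpg.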