On Sun 2018-09-23 18:18:13 +0200, Peter Lebbing wrote:
> The intent of this mail is not to ask whether something works. This can
> be easily verified. It's asking whether it is a supported way of doing
> things. I hope I can get some guidance on this!

I appreciate that you're asking for clarification about what is the scope of GnuPG's "API", such as it is. We do need more clarity here.

i don't have the authority to answer your questions about the contents of ~/.gnupg/private-keys-v1.d/, but i'd always thought that the internals of ~/.gnupg/ were *not* part of the "API", and generally should not be relied upon. I hope that Werner or someone else more closely related to the project can clarify here.

> While I'm at it: there are conflicting opinions on whether it is okay to
> build a keyring using:
> $ gpg --export SOMEKEY >pubring.gpg
> instead of:
> $ gpg --export SOMEKEY | gpg --no-default-keyring --keyring ./pubring.kbx
>
> Can we also get official guidance on that; is the former acceptable?
> (FWIW, I've always thought it was not.)

The former statement is a way to create a simple, exported OpenPGP "transferable public key" (TPK) of the form described in RFC 4880. This is the most interoperable form, if you're looking to export a specific key for transfer into any other implementation (including other versions of GnuPG). This is not only "acceptable" but it is normal, standardized, and widely interoperable.

Traditionally, GnuPG keyrings have been just a linear concatenation of TPKs interspersed with "Trust Packets". The more modern keybox (the default in 2.1 and going forward) is different from that format, though.

The latter statement doesn't even have a GnuPG command on the tail end of the pipe, but i assume you intended for it to be --import. is that right? In that case, it creates a keyring of whatever format the current version of gpg uses by default.

But the real question is: why do you need this, and what do you intend to do with it? creating a keyring for a specific version of GnuPG may be useful in some contexts, but it's also pretty dicey to use in many other contexts.

Perhaps explaining what you're looking to do with this file you're creating would help to decide whether the latter form is better for your purpose.

Regards,

        --dkg
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
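Added example, not part of the original message and not GnuPG code: a small Python classifier that tells apart the two file kinds discussed in the reply above. It walks RFC 4880 packet headers for an exported TPK or a legacy keyring (including Trust Packets, tag 12) and recognises a keybox by the `KBXf` magic at offset 8 of its header blob; the function names and the sample bytes are constructed for illustration and contain no real key material.

```python
import struct

# Packet tags from RFC 4880 section 4.3 that appear in public keyrings.
TAGS = {2: "signature", 6: "public-key", 12: "trust", 13: "user-id",
        14: "public-subkey", 17: "user-attribute"}

def packets(data):
    """Yield (tag, body) for each OpenPGP packet in data (RFC 4880, 4.2)."""
    pos = 0
    while pos < len(data):
        first = data[pos]
        if not first & 0x80:
            raise ValueError(f"offset {pos}: not an OpenPGP packet header")
        pos += 1
        if first & 0x40:                      # new-format header
            tag = first & 0x3F
            o1 = data[pos]
            if o1 < 192:                      # one-octet length
                length, pos = o1, pos + 1
            elif o1 < 224:                    # two-octet length
                length, pos = ((o1 - 192) << 8) + data[pos + 1] + 192, pos + 2
            elif o1 == 255:                   # five-octet length
                length, pos = struct.unpack(">I", data[pos + 1:pos + 5])[0], pos + 5
            else:
                raise ValueError("partial body lengths are not valid for key packets")
        else:                                 # old-format header
            tag, ltype = (first >> 2) & 0x0F, first & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length is not handled here")
            n = 1 << ltype                    # 1, 2 or 4 length octets
            length, pos = int.from_bytes(data[pos:pos + n], "big"), pos + n
        if pos + length > len(data):
            raise ValueError("truncated packet")
        yield tag, data[pos:pos + length]
        pos += length

def classify(data):
    """Return ('keybox', []) or ('openpgp', [packet names in file order])."""
    if data[8:12] == b"KBXf":                 # magic in the keybox header blob
        return "keybox", []
    return "openpgp", [TAGS.get(t, f"tag-{t}") for t, _ in packets(data)]

# Constructed samples: stub packet bodies and an empty header blob, not real keys.
SAMPLE_TPK = (bytes([0x99, 0x00, 0x03]) + b"\x04\x00\x00"   # old-format tag 6
              + bytes([0xCD, 0x05]) + b"alice"               # new-format tag 13
              + bytes([0xB0, 0x02]) + b"\x00\x00")           # old-format tag 12
SAMPLE_KBX = struct.pack(">IBBH", 32, 1, 1, 0) + b"KBXf" + bytes(20)
```

Running `classify()` on the bytes of a file before handing it to another tool shows whether it is a portable packet stream or a GnuPG-specific keybox.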