Question about using additional keyrings
David Shaw
dshaw at jabberwocky.com
Thu Mar 5 06:02:21 CET 2009
On Mar 4, 2009, at 11:20 PM, Faramir wrote:
> Well, I followed the tutorial that shows how to use just subkeys
> (without the main key), in order to keep the main key a bit safer than
> usual. But that made me play a bit with the GPGShell options for GPG,
> and managed to make it work, allowing to easily access my "whole"
> keys,
> and to switch to subkeys after using them. The "magic" is done by
> adding
> the following line to gpg.conf:
>
> secret-keyring z:\gpghome\secring.gpg
> (that's the location of the secring that has the unedited keys)
>
> But my question is: what does that line do? When it is in gpg.conf, do
> I have the 2 secrings at the same time, or it replaces the usage of
> the
> keyring located in gpghome with the one on my z drive?
Here's how it works: GPG allows for multiple public keyrings (via
"keyring") and multiple secret keyrings (via "secret-keyring"). The
default public keyring is $GNUPGHOME/pubring.gpg. The default secret
keyring is $GNUPGHOME/secring.gpg. Any keyrings, public or secret,
that you add are in addition to those defaults. If you don't want the
defaults to be present at all, use --no-default-keyring.
Thus in your case, you have two secret keyrings, unless there is a --
no-default-keyring somewhere or $GNUPGHOME/secring.gpg does not exist.
David
More information about the Gnupg-users
mailing list