gpg --gen-key keyring behaviour

zem zem at vigilant.tv
Sun May 25 05:20:02 CEST 2003


On Sat, 24 May 2003 12:55 pm, David Shaw wrote:

> Hmm.  Are you sure you are using 1.2.1 ?  If so, do you have a
> "keyring xxx" line in your gpg.conf file?  GnuPG will only create a
> new keyring if it is the first ring specified.

Ah.  Yes, there's a 'keyring' line in my config file.  I'm using 1.2.1, 
from the OpenBSD 3.3 ports tree.

When you say '..the first ring specified', do you mean both the first 
public and the first secret; or just the very first of either type?

Shouldn't '--no-default-keyring' cause the keyring specified on the 
command line to be considered the first, and subsequently created?

> This one is not a bug, it's a feature.  %pubring and %secring are
> used to write the key into a new set of keyring files, and so are
> documented (in doc/DETAILS) to overwrite.  As you have discovered, if
> that is not the behavior you want, you can use --keyring and
> --secret-keyring to append the new key to a file.

You're right, my bad.  I missed that in the DETAILS description.  
Presumably I can use this to get the desired keyring creation behaviour 
in 1.2.1.

I'm calling gpg in batch mode from another application, and trying to 
keep any keys I generate separate from existing keyrings.  Am I going 
about it the right way by specifying keyring filenames directly, or 
would it be more appropriate to use --homedir?  


-- 
mailto:zem at vigilant.tv F289 2BDB 1DA0 F4C4 DC87 EC36 B2E3 4E75 C853 FD93
http://vigilant.tv/    "..I'm invisible, I'm invisible, I'm invisible.." 

More information about the Gnupg-devel mailing list