Keys listed twice when --keyring used - request to filter

Marcus Brinkmann marcus.brinkmann at ruhr-uni-bochum.de
Mon Sep 12 14:24:56 CEST 2005


At Tue, 06 Sep 2005 05:21:51 -0600,
Kurt Fitzner <kfitzner at excelcia.org> wrote:
> The GPGME library has no command to return the name of the keyrings that
> GnuPG is using by default.

In fact, gpg doesn't have a way to return the name of the keyrings
that it is using by default.  You have to figure it out from the
configuration file.  I haven't checked it out, but those filenames
could even be relative instead of absolute, adding another complication.

> So, it is difficult for a front-end (one
> that uses GPGME) to determine what the configured keyrings are.  Thus,
> when a front-end allows the specification of extra keyring files, it is
> difficult to determine if this will cause duplicate keys to appear.

GPGME doesn't allow the specification of extra keyring files, and thus
I don't see how you could allow it in the application, unless you are
mixing GPGME with your own gpg invocations.  The latter is possible,
but can lead to inconsistencies as you describe quite naturally.  Also,
for example, a key can be found in the "with extra keyrings gpg
invocation", but not with GPGME operations.

It is our opinion that keyring settings are a crypto engine
configuration that should be done in gpg.conf (thus setting it for all
applications).  If you need total control over the crypto backend, you
can from 1.1.x on create a separate .gnupg home directory and activate
it on a per-gpgme context (or per application) with
gpgme_set_engine_info.

Thanks,
Marcus
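
The lookup discussed in this message (reading the keyring list out of gpg.conf and resolving relative names), as an added example that is not part of the original message, GnuPG or GPGME. The function names, the sample configuration and the paths are hypothetical; it assumes the GnuPG 1.x default keyring name pubring.gpg, handles only the `keyring` and `no-default-keyring` options, and ignores options given on the command line.

```python
import os

def resolve_keyring(name, homedir, user_home):
    """Resolve a keyring name the way gpg documents it for --keyring."""
    if name.startswith("~/"):        # "~/" is replaced by the user's $HOME
        return os.path.normpath(os.path.join(user_home, name[2:]))
    if "/" not in name:              # bare name: file in the GnuPG home directory
        return os.path.normpath(os.path.join(homedir, name))
    return os.path.normpath(name)    # otherwise used as given (may stay relative)

def configured_keyrings(conf_text, homedir, user_home, default_name="pubring.gpg"):
    """List the public keyrings a gpg.conf selects, as resolved paths.

    default_name is an assumption (GnuPG 1.x / 2.0 default keyring file).
    """
    rings, use_default = [], True
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):   # blank line or comment
            continue
        parts = line.split(None, 1)            # option name, optional argument
        if parts[0] == "no-default-keyring":
            use_default = False
        elif parts[0] == "keyring" and len(parts) == 2:
            rings.append(resolve_keyring(parts[1].strip(), homedir, user_home))
    if use_default:
        rings.insert(0, resolve_keyring(default_name, homedir, user_home))
    return rings

def extra_is_duplicate(extra, conf_text, homedir, user_home):
    """True if a front-end's extra keyring file is already configured."""
    target = resolve_keyring(extra, homedir, user_home)
    return target in configured_keyrings(conf_text, homedir, user_home)

# Constructed sample configuration, not taken from the thread.
SAMPLE_CONF = """\
# constructed sample gpg.conf
keyring work.gpg
keyring ~/shared/team.gpg
keyring /srv/keys/archive.gpg
"""

if __name__ == "__main__":
    home, gnupg = "/home/alice", "/home/alice/.gnupg"
    for ring in configured_keyrings(SAMPLE_CONF, gnupg, home):
        print(ring)
    print(extra_is_duplicate("work.gpg", SAMPLE_CONF, gnupg, home))
```

The comparison is on path names only: the same file reached through a symlink, or the same key stored in two different keyring files, is not detected.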



