Keyrings file format
dshaw at jabberwocky.com
Tue Jan 6 14:27:23 CET 2009
On Jan 6, 2009, at 4:58 AM, David Paleino wrote:
> Hello ,
> I'm writing a CLI library (in C# -- to be used with all CLRs, i.e.
> Mono, .NET
> and DotGNU Portable .NET) to give GnuPG's functionalities to "end-
> My library currently parses the output of `gpg --with-colons`, but
> I'd like to
> give its users the ability to directly act on the keyrings in
> Is the format documented anywhere?
A GnuPG keyring is defined in RFC-4880 (http://tools.ietf.org/html/rfc4880
). Basically the pubring is a series of "Transferable Public
Keys" (section 11.1) concatenated together. The secring is a series
of "Transferable Secret Keys" (section 12.1) concatenated together.
Note, though, section 3.6 of the RFC:
A keyring is a collection of one or more keys in a file or database.
Traditionally, a keyring is simply a sequential list of keys, but
be any suitable database. It is beyond the scope of this standard
discuss the details of keyrings or other databases.
It is perfectly legal for a program to use some internal method for
storing keys that isn't the traditional "file with a lot of key
packets" method. The only thing that is required is that the
transferable (i.e. exported) format conforms to the spec. If you
really want to really future-proof yourself against potential storage
format changes, avoid reading pubring.gpg or secring.gpg yourself, and
instead have your library parse the output of "gpg --export" or "gpg --
export-secret-keys". Today, these are identical, but in the future,
they might not be.
All that said, what are you trying to do, exactly? What information
do you need to get from the keys that isn't available now?
More information about the Gnupg-devel