Why 2.1 is delayed for so long

Ximin Luo infinity0 at pwned.gg
Sat Sep 20 14:15:21 CEST 2014


On 20/09/14 12:49, Ximin Luo wrote:
> On 20/09/14 11:23, Werner Koch wrote:
>> On Sat, 20 Sep 2014 04:44, infinity0 at pwned.gg said:
>>
>> The reason for having the secret material all in one place is the
>> standard crypto practice of placing your eggs/keys all into one basket
>> and guarding them closely.  You may even symlink the private-key-v1.d to share
>> them between different (test) installations.
>>
> 
> OK, this is less of an issue than I originally thought. My original concern was for applications like caff, that want to do things separately on the side, so as to not pollute the user's keyrings. But looking at them, they all seem to work on public keys only, rather than secret keys.
> 
> But maybe a future one will want a separate pool for secret keys. So it would be good to add a --auto-launch-agent option, to automatically launch a new gpg-agent if the current one has a different --homedir.
> 
> At least, the manual page should be updated to say --secret-keyring is now ignored (and to point to the new location).
> 

It seems --delete-secret-key $UID will now select public keys as well, and offer them for deletion but do a no-op if you go ahead with it.

# Correct behaviour in gpg 1.4:
$ gpg --delete-secret-key dkg
[..]
gpg: key "dkg" not found: eof
gpg: dkg: delete key failed: eof
2

$ gpg2 --delete-secret-key dkg
[..]

sec  rsa4096/CCD2ED94D21739E9 2007-06-02 Daniel Kahn Gillmor <dkg at fifthhorseman.net>

Delete this key from the keyring? (y/N) y
This is a secret key! - really delete? (y/N) y

# key still here, though
$ gpg2 --delete-secret-key dkg
[..]

sec  rsa4096/CCD2ED94D21739E9 2007-06-02 Daniel Kahn Gillmor <dkg at fifthhorseman.net>

Delete this key from the keyring? (y/N) y
This is a secret key! - really delete? (y/N) y

X

-- 
GPG: 4096R/1318EFAC5FBBDBCE
git://github.com/infinity0/pubkeys.git
