GnuPG 2.1.x and 2.2.x keyring formats
jestedfa at microsoft.com
Thu Dec 7 21:03:54 CET 2017
Thanks so much for taking the time to respond with such valuable information!
On 12/7/17, 2:05 PM, "Werner Koch" <wk at gnupg.org> wrote:
On Thu, 7 Dec 2017 16:52, gnupg-devel at gnupg.org said:
> 1. What is the file format of the *.key files in the private-keys-v1.d directory?
See gnupg/agent/keyformat.txt (also copied below). But note that this is
a private property of GnuPG and you should take care when accessing them
> 2. How are these files named? Does the file name correspond with a
> fingerprint / key id?
this is the the keygrip with the suffix ".key". To view the keygrip,
gpg --with-colons -K
and grep for the "grp" records. Such records follow after "sec", "ssb",
"pub", or "sub" records. To get them in a huma readable format use
gpg --with-keygrip -K
> 3. Does gpg still use pubring.gpg?
As long as there is no pubring.kbx and existing pubring.gpg will be
used. If you have a pubring.kbx from gnupg 2.0 (gpgsm always used this)
but that one has no OpenPGP key and existing pubring.gpg is also used.
kbxutil pubring.kbx | head
shows a flag line which indicates whether an openPGP key exists.
> I'm asking these questions because I have a C# email library that uses Bouncy Castle for OpenPGP support that I'm trying to make interoperable with GnuPG as much as I can.
Hmmm. I can't give an offical guarantee that the format will always be
the same. The keygrip is computed by a function in Libgcrypt.
More information about the Gnupg-devel