GnuPG 2.1.x and 2.2.x keyring formats

Jeffrey Stedfast jestedfa at
Thu Dec 7 21:03:54 CET 2017

Hi Werner,

Thanks so much for taking the time to respond with such valuable information!


On 12/7/17, 2:05 PM, "Werner Koch" <wk at> wrote:

    Hi Jeff,
    On Thu,  7 Dec 2017 16:52, gnupg-devel at said:
    > 1. What is the file format of the *.key files in the private-keys-v1.d directory?
    See gnupg/agent/keyformat.txt (also copied below). But note that this is
    a private property of GnuPG and you should take care when accessing them
    > 2. How are these files named? Does the file name correspond with a
    > fingerprint / key id?
    this is the the keygrip with the suffix ".key".  To view the keygrip,
      gpg --with-colons -K
    and grep for the "grp" records.  Such records follow after "sec", "ssb",
    "pub", or "sub" records.  To get them in a huma readable format use
      gpg --with-keygrip -K
    > 3. Does gpg still use pubring.gpg?
    As long as there is no pubring.kbx and existing pubring.gpg will be
    used.  If you have a pubring.kbx from gnupg 2.0 (gpgsm always used this)
    but that one has no OpenPGP key and existing pubring.gpg is also used.
      kbxutil pubring.kbx | head
    shows a flag line which indicates whether an openPGP key exists.
    > I'm asking these questions because I have a C# email library that uses Bouncy Castle for OpenPGP support that I'm trying to make interoperable with GnuPG as much as I can.
    Hmmm.  I can't give an offical guarantee that the format will always be
    the same.  The keygrip is computed by a function in Libgcrypt.

More information about the Gnupg-devel mailing list