Migration gnupg 2.0.x to gnupg 2.1.x

Andre Heinecke aheinecke at intevation.de
Mon Jul 24 09:34:07 CEST 2017


Hi,

On Thursday, July 20, 2017 11:57:12 AM CEST Lukas Pitschl | GPGTools wrote:
> we’re currently in the process of preparing the migration from gnupg 2.0.x 
to gnupg 2.1.x as default in GPG Suite for the near future.
> During the process of testing the migration, the following questions came 
up. It would be great if you could share your experience and knowledge with us 
in that regard:
> 
> - Is there a document listing all the options which are no longer available?
>   -> we’ll have to comment these out upon installation

I don't think there are any, do you have an example? The main "feature loss" 
was the removed support for PGP 2 keys. And some changes regarding pinentry / 
gpg-agent.

You always need gpg-agent (which is now autostarted) and to make the 
passphrase options work you need to set pinentry-mode loopback.

> - Is there a document listing all the options which replace older options 
(but work the same)?

Not directly but:
https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=blob;f=doc/whats-new-in-2.1.txt

Is a good read.

>   -> we would like to automatically migrate these

Probably the pinentry-mode loopback may be an issue for you.

> - Smart card stubs are not available after migration. Is this by design? 
Why? Is there any better method to have them in the migrated keyring as well, 
without running `gpg —card-status`?

No idea from me.

> - Are there any keys which are no longer supported and the user will lose 
access to after migration?

Yes old PGP-2 Keys will no longer work.

> - How do you handle the migration in gpg4win?

As we use GPGME we don't have much worry. We don't warn about PGP-2 Keys 
because they are not really an issue for us as far as we see it. We mention it 
in the news.

For us the main user facing change is that gpg2 is now called gpg. I still 
have it on my TODO to write a small "Migration guide for administrators" that 
use Batch scripts utilising gpg4win. But there won't be much. Mainly the name 
change, pinentry mode loopback, and a word about the fact that globbing on the 
command line no longer works.

But for most of our users that only use the GUI we don't expect much trouble. 
And so far have not got any "showstopper" issues with our current Betas.

Regards,
Andre

-- 
Andre Heinecke |  ++49-541-335083-262  | http://www.intevation.de/
Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 228 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20170724/b7617613/attachment.sig>


More information about the Gnupg-devel mailing list