can't work on armoured keyring
David Shaw
dshaw@jabberwocky.com
Wed Apr 23 04:36:03 2003
--qMm9M+Fa2AknHoGS
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Tue, Apr 22, 2003 at 08:40:35PM +0200, Michael Nahrath wrote:
> I downloaded a community's keyring from a website. It is ASCII-armored and
> served via http: as 'application/pgpkeys' according to RFC 3156.
>=20
> Unfortunately I get errors whenever I try to work on this keyring without
> importing it. You may try on your own:
>=20
> $ gpg -a --export 5B0358A2 99242560 > test.gpgkey
> $ gpg --no-default-keyring --keyring ./test.gpgkey --list-keys
> gpg: [don't know]: invalid packet (ctb=3D2d)
> gpg: keydb_search_first failed: invalid packet
> $ gpg --no-default-keyring --keyring ./test.gpgkey --check-sigs
> gpg: [don't know]: invalid packet (ctb=3D2d)
> gpg: keydb_search_first failed: invalid packet
>=20
> Nevertheless
> $ gpg --list-packets ./test.gpgkey
> works fine.
>=20
> Seems like GPG (same behaviour in all versions from 1.06 through 1.2.2rc2)
> is unable to deal with a keyring if it is ASCII-armoured.
>=20
> Is this * a bug?
> * a known limitation?
> * technically neccesary?
A known limitation, and (weakly) necessary in that it makes a lot of
keyring management easier. While everyone does it anyway, the keyring
files aren't really intended to be used without using --import and
--export.
If you want to use an armored file as a keyring without --import-ing
it first, use "gpg --dearmor" on it and then you can use it as a
keyring. When you are done, just use "gpg --armor --export >
allmykeys.asc" to return it to armored form.
> We still would like to provide this keyring in a form that was suitable to
> do WoT-annalysis etc. without further modifications.
> Do we have to provide it in binary form for this?
No. It depends on the program that does your analysis. Either way,
it is easy to convert back and forth.
> What is the correct MIME-type for a binary keyring file?
application/octet-stream, but you could make up your own x-type, of
course. The application/pgp-keys type is reserved for ascii armored
data.
David
--qMm9M+Fa2AknHoGS
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2rc2 (GNU/Linux)
Comment: http://www.jabberwocky.com/david/keys.asc
iD8DBQE+pfxP4mZch0nhy8kRAu2zAJ0ZIW1zJI1jbSoCbw4wB/SuEd7zIQCgwgDz
TkrYnNAigyRnzjKdRtOTkeA=
=+crS
-----END PGP SIGNATURE-----
--qMm9M+Fa2AknHoGS--