can't work on armoured keyring

David Shaw dshaw@jabberwocky.com
Wed Apr 23 04:36:03 2003


On Tue, Apr 22, 2003 at 08:40:35PM +0200, Michael Nahrath wrote:
> I downloaded a community's keyring from a website. It is ASCII-armored and
> served via http: as 'application/pgpkeys' according to RFC 3156.
>
> Unfortunately I get errors whenever I try to work on this keyring without
> importing it. You may try on your own:
>
> $ gpg -a --export 5B0358A2 99242560 > test.gpgkey
> $ gpg --no-default-keyring --keyring ./test.gpgkey --list-keys
> gpg: [don't know]: invalid packet (ctb=2d)
> gpg: keydb_search_first failed: invalid packet
> $ gpg --no-default-keyring --keyring ./test.gpgkey --check-sigs
> gpg: [don't know]: invalid packet (ctb=2d)
> gpg: keydb_search_first failed: invalid packet
>
> Nevertheless
> $ gpg --list-packets ./test.gpgkey
> works fine.
>
> Seems like GPG (same behaviour in all versions from 1.06 through 1.2.2rc2)
> is unable to deal with a keyring if it is ASCII-armoured.
>
> Is this
>   * a bug?
>   * a known limitation?
>   * technically necessary?

A known limitation, and (weakly) necessary in that it makes a lot of
keyring management easier.  While everyone does it anyway, the keyring
files aren't really intended to be used without using --import and
--export.

If you want to use an armored file as a keyring without --import-ing
it first, use "gpg --dearmor" on it and then you can use it as a
keyring.  When you are done, just use "gpg --armor --export >
allmykeys.asc" to return it to armored form.

> We still would like to provide this keyring in a form that was suitable to
> do WoT-analysis etc. without further modifications.
> Do we have to provide it in binary form for this?

No.  It depends on the program that does your analysis.  Either way,
it is easy to convert back and forth.

> What is the correct MIME-type for a binary keyring file?

application/octet-stream, but you could make up your own x-type, of
course.  The application/pgp-keys type is reserved for ascii armored
data.

David

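The "invalid packet (ctb=2d)" error in the thread above can be reproduced outside GnuPG: 0x2d is the ASCII "-" that opens the armor header line, and a binary OpenPGP packet stream must start with a tag byte whose top bit is set. The Python below is an added example, not part of the original message and not GnuPG's code; it is a stand-in for the "gpg --dearmor" step, and its function names and the sample packet are constructed for illustration.

```python
import base64

BEGIN = b"-----BEGIN PGP PUBLIC KEY BLOCK-----"
END = b"-----END PGP PUBLIC KEY BLOCK-----"

def crc24(data: bytes) -> int:
    """CRC-24 used for the armor checksum line (RFC 4880, section 6.1)."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def is_binary_openpgp(data: bytes) -> bool:
    """A binary packet stream starts with a tag byte (CTB) whose top bit is set."""
    return bool(data) and bool(data[0] & 0x80)

def enarmor(binary: bytes) -> bytes:
    """Armor binary packets; used here only to build the sample input."""
    body = base64.encodebytes(binary).strip()
    check = b"=" + base64.b64encode(crc24(binary).to_bytes(3, "big"))
    return b"\n".join([BEGIN, b"", body, check, END, b""])

def dearmor(armored: bytes) -> bytes:
    """Return the binary packets inside an armored key block, verifying the CRC."""
    lines = [line.strip() for line in armored.splitlines()]
    block = lines[lines.index(BEGIN) + 1:lines.index(END)]
    body = block[block.index(b"") + 1:]   # armor headers end at the first blank line
    check = body.pop() if body and body[-1].startswith(b"=") and len(body[-1]) == 5 else None
    binary = base64.b64decode(b"".join(body), validate=True)
    if check and int.from_bytes(base64.b64decode(check[1:]), "big") != crc24(binary):
        raise ValueError("armor CRC24 mismatch")
    return binary

# Constructed sample: one old-format User ID packet (CTB 0xb4, length 4, "test").
SAMPLE_BINARY = b"\xb4\x04test"
SAMPLE_ARMORED = enarmor(SAMPLE_BINARY)

if __name__ == "__main__":
    print("armored first byte: 0x%02x" % SAMPLE_ARMORED[0])   # '-' of "-----BEGIN"
    print("armored usable as keyring:", is_binary_openpgp(SAMPLE_ARMORED))
    print("dearmored usable as keyring:", is_binary_openpgp(dearmor(SAMPLE_ARMORED)))
```

A site that serves a community keyring can run the same first-byte check on its published file to confirm which of the two forms it is actually handing out.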