can't work on armoured keyring

David Shaw
Wed Apr 23 16:21:02 2003

On Wed, Apr 23, 2003 at 12:39:53PM +0200, Michael Nahrath wrote:
> David Shaw wrote:
> >>$ gpg -a --export 5B0358A2 99242560 > test.gpgkey
> >>$ gpg --no-default-keyring --keyring ./test.gpgkey --list-keys
> >>gpg: [don't know]: invalid packet (ctb=2d)
> >>gpg: keydb_search_first failed: invalid packet
> >>Seems like GPG (same behaviour in all versions from 1.06 through 1.2.2r=
> >>is unable to deal with a keyring if it is ASCII-armoured.
> >>
> >>Is this	* a bug?
> >>	* a known limitation?
> >>	* technically necessary?
> >
> > A known limitation, and (weakly) necessary in that it makes a lot of
> > keyring management easier.  While everyone does it anyway, the keyring
> > files aren't really intended to be used without using --import and
> > --export.
> Is there any difference between a working keyring and a (binary) exported
> keyring?

Yes and no.  While it will work in the current version of GnuPG, this
cannot be relied upon forever.  The OpenPGP standard dictates how keys
can be transported (i.e. via --export/--import), but there is no rule
for how to store the keyrings.  For example, there could be a version
of GnuPG that uses a database as the "keyring".

The truly safe way to take a file (binary or ascii) and make it into a
new keyring is:

gpg --no-default-keyring --keyring ./my-new-keyring.gpg --import the_file

Do what you need to do to my-new-keyring.gpg, and then:

gpg --no-default-keyring --keyring ./my-new-keyring.gpg --export > the_file

(you can add --armor here if you desire).

> If I do
> $ gpg --no-default-keyring --keyring ./test.gpg --import ./bin-keyring.gpg
> shouldn't ./test.gpg and ./bin-keyring.gpg be identical (assuming
> ./bin-keyring.gpg doesn't contain errors)?

Not necessarily.  There are things that won't be imported (local
signatures, some special packets, etc).
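
The "ctb=2d" in the error quoted above is the first octet of the armoured file ("-", 0x2d) being read as an OpenPGP packet header. The Python sketch below is an added example, not part of the original message or of GnuPG; its function names and sample bytes are constructed for illustration.

```python
# Added example: why gpg reports "invalid packet (ctb=2d)" for an armoured file.
ARMOR_PREFIX = b"-----BEGIN PGP "
TAG_NAMES = {2: "signature", 5: "secret key", 6: "public key",
             13: "user ID", 14: "public subkey"}

def parse_ctb(ctb):
    """Decode an OpenPGP packet header octet (RFC 4880, section 4.2).

    Returns (format, tag), or None when bit 7 is clear, which no valid
    packet header may have.
    """
    if not ctb & 0x80:
        return None
    if ctb & 0x40:                      # new-format header: tag in bits 5-0
        return ("new", ctb & 0x3F)
    return ("old", (ctb & 0x3C) >> 2)   # old-format header: tag in bits 5-2

def classify(data):
    """Classify the start of a key file as 'armored', 'binary' or 'invalid'."""
    if not data:
        return ("invalid", "empty file")
    first = data[0]
    parsed = parse_ctb(first)
    if parsed is None:
        if data.lstrip().startswith(ARMOR_PREFIX):
            return ("armored", "first octet 0x%02x is text, not a packet "
                               "header; use --import" % first)
        return ("invalid", "first octet 0x%02x has bit 7 clear" % first)
    fmt, tag = parsed
    name = TAG_NAMES.get(tag, "tag %d" % tag)
    if tag not in (5, 6):               # a key must begin with a key packet
        return ("invalid", "%s-format %s packet cannot start a key" % (fmt, name))
    return ("binary", "%s-format %s packet" % (fmt, name))

# Constructed sample inputs (not real keys): only the leading bytes matter here.
SAMPLES = {
    "armoured export": b"-----BEGIN PGP PUBLIC KEY BLOCK-----\n\nmQGiBD...\n",
    "binary export": bytes([0x99, 0x01, 0xA2, 0x04]),
    "new-format binary": bytes([0xC6, 0x33, 0x04]),
    "plain text": b"hello\n",
}

if __name__ == "__main__":
    for label, blob in SAMPLES.items():
        kind, why = classify(blob)
        print("%-18s %-8s %s" % (label, kind, why))
```

A file classified as "armored" is transport format and belongs on the --import side of the procedure above, never after --keyring.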

