gpg vs gpgv default keyring directory...

gabriel rosenkoetter gr at eclipsed.net
Wed Dec 3 14:04:25 CET 2003


On Wed, Dec 03, 2003 at 05:46:57AM -0800, Bob Avery-Babel wrote:
> Answer:
> "gpgv uses a different trust model and stores its keys in a separate
> file under a different name."

That is true, and is clearly documented in gpgv(1):

  FILES
         ~/.gnupg/trustedkeys.gpg
                   The default keyring with the allowed keys

gpg(1) looks at a different file:

  FILES
  [...]
         ~/.gnupg/pubring.gpg
                   The public keyring
  
         ~/.gnupg/pubring.gpg.lock
                   and the lock file

Note the presence of a lock file for gpg(1). This is because gpg(1)
can actually edit keyrings, whereas gpgv(1) purposely cannot.

I expect that gpgv(1) is intended to be used for automated processes
which should never download new PGP keys from a keyserver. gpg(1)
can be configured, through ~/.gnupg/gpg.conf, to automatically
retrieve unrecognized keys from a keyserver (and there are probably
some other pubring modification operations that can be set to happen
automatically when you run gpg that I'm forgetting).

The point would be for gpgv(1) to always present exactly the same
interface while you continued to use gpg(1) for day-to-day
interaction.

If you want to just verify things with a keyring that you can be
sure won't get modified unless you actively modify it, export the
public keys you want it to verify into ~/.gnupg/trustedkeys.gpg and
use gpgv(1). If you don't really care, then use `gpg -v`.

-- 
gabriel rosenkoetter
gr at eclipsed.net
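
Added example, not part of the original message: a sketch of the workflow described above, in which gpg(1) holds two keys but only one is exported into the keyring that gpgv(1) checks. It assumes GnuPG 2.1 or later; the user IDs, file names and the explicit `--keyring` path (used instead of the default ~/.gnupg/trustedkeys.gpg so the demo stays in a throwaway directory) are constructed for illustration.

```bash
#!/bin/sh
# Added example: pin gpgv to an explicit, read-only keyring.
# All user IDs, paths and file contents are constructed for this demo.

# Export only the named keys from gpg's pubring into a standalone keyring.
build_pinned_keyring() {
  keyring_out=$1; shift
  gpg --batch --quiet --export "$@" > "$keyring_out" && chmod 0444 "$keyring_out"
}

# Verify a detached signature against the pinned keyring only.
# gpgv has no keyserver options and no commands that edit a keyring.
verify_pinned() {
  gpgv --quiet --keyring "$1" "$2" "$3"
}

# Demo in a subshell: both keys are in gpg's pubring, one is pinned for gpgv.
# Prints "release=<result> other=<result>".
demo_pinned_verify() (
  GNUPGHOME=$(mktemp -d) || exit 1
  export GNUPGHOME
  trap 'gpgconf --kill gpg-agent 2>/dev/null; rm -rf "$GNUPGHOME"' EXIT
  msg=$GNUPGHOME/artifact.txt
  echo 'constructed artifact' > "$msg"
  for uid in release@example.org other@example.org; do
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-generate-key "$uid" ed25519 sign never 2>/dev/null || exit 1
    gpg --batch --quiet --local-user "$uid" --output "$msg.$uid.sig" \
        --detach-sign "$msg" 2>/dev/null || exit 1
  done
  pinned=$GNUPGHOME/pinned.gpg
  build_pinned_keyring "$pinned" release@example.org || exit 1
  if verify_pinned "$pinned" "$msg.release@example.org.sig" "$msg" 2>/dev/null
  then rel=accepted; else rel=rejected; fi
  # Signature is valid, but its key was never exported to the pinned keyring.
  if verify_pinned "$pinned" "$msg.other@example.org.sig" "$msg" 2>/dev/null
  then oth=accepted; else oth=rejected; fi
  echo "release=$rel other=$oth"
)

# Run the demo only when asked: sh pinned.sh demo
if [ "${1:-}" = demo ]; then demo_pinned_verify; fi
```

Saved under a name such as pinned.sh (hypothetical), `sh pinned.sh demo` runs the whole exchange in a temporary GNUPGHOME and removes it afterwards.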

More information about the Gnupg-users mailing list