Importing keys

Bob Henson bob.henson at
Wed Sep 14 15:51:34 CEST 2005

Mica Mijatovic wrote:
>     Was Wed, 14 Sep 2005, at 10:42:10 +0100,
>     when Bob wrote:
>>> I can't find anything in the man page about key import file formats.
>>> Other than ascii files, can GnuPG import any other file formats and if
>>> so what?
> Every file containing a valid key data can be imported by GnuPG,
> regardless the file extension and the file format.
> As I know there are only two formats: ascii ("armored"), which is
> actually a plain text format, and the binary format (the one not very
> readable by a human).
> GnuPG (as a genuinely *nix application) reads and recognizes actually
> the file format primarily and doesn't pay attention at its "extension"
> (as is the case with Windows).
> Usually, extensions for these formats are:
> ascii                 binary
> =====                 ======
> .txt                  .gpg
> .asc                  .pgp
> .sec                  .sig        etc.
> .pub
> .rev      etc.
> GnuPG also can read (import) properly even if a file has no any
> extension, and/or if a file has _any_ extension, even mangled one or
> completely arbitrary one.
> It will, for instance, properly import a valid key data even if a file
> is with extension key.jpg (mangled extension), key (no extension) and
> key.fricassee (arbitrary extension).
> (PGP, though, as an exclusively Windows application, will be deluded by
> such extensions, and will say it doesn't recognize the file format, even
> without reading it, so that will import nothing.)

Thanks, that's what I was trying to find out. I was confused by all the
formats (and their extensions) for sharing information - .pfx .p7b .cer etc.
I was trying to use data from Windows and import to GPG. As you remark, the
extension is irrelevant, so long as the file is DER encoded binary (
possibly base 64 as well? - I haven't tried that). I have managed (don't ask
me how) to get what appears to be a working x.509 certificate from Thawtes
onto my GPG keyring, and have self signed it. I thought I'd have a go at
getting another onto the keyring, but didn't know what format to export it
from Windows. It would appear that I can only export the *public* keys from
the X.509 certs as binary files - the key pairs will only export in .pfx
format, which GPG won't import, so I guess it's some sort of Windows
proprietary format.

This is more or less for academic interest only, and I am only able to work
on an empirical basis, not understanding the technicalities involved - but
when, as I am, you're crocked and stuck indoors and have nothing else to do
it seemed like a good idea :-)



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 254 bytes
Desc: OpenPGP digital signature
Url : /pipermail/attachments/20050914/2ad649f4/signature-0001.pgp

More information about the Gnupg-users mailing list