Further thoughts on Windows Install

Peter Pentchev roam at ringlet.net
Wed Apr 22 21:27:38 CEST 2009


On Wed, Apr 22, 2009 at 11:38:55AM -0400, Faramir wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
> 
> 
> > What's wrong with just --export ing the public/private keys, and 
> > importing them into win2000?
> 
>   Well, if he does it that way, he would have to re-download the keys of
> his contacts again...

No.  That's what --export does by default.  He would just have to
add --export-secret-keys to *also* get his own secret keys :)

> ...and set the trust level for each one again...

No.  That's what --export-ownertrust does.

> If he keeps both his pubring and trustdb, he doesn't need to redo all that.

Yes, that's true.  However, this could lead to problems if some day
the format of GnuPG's keyring files should change, and especially
if it should change in some architecture-specific way.

> And the config file would have to be rewritten, if he has such a file (if
> he doesn't, then he doesn't need it).

Well, the config file could be copied, it's plain text.  The issue
here is that the keyring files are not guaranteed to be in any kind
of format that is compatible with anything else, including a GnuPG
version on any other architecture or even another GnuPG version on
the same architecture.  Well, of course, it would be a pain if
a future GnuPG version would not be able to read the current version's
files, but it *could* happen one day.  Of course, I'm NOT speaking
for the GnuPG developers in any way!  It's just what I gather from
the glaring lack of any mention of the format of the keyring files
in any official documentation - IMHO, that's on purpose, and it's
completely understandable and a good thing, too :)

The only guaranteed, portable way to transfer one's keyrings is
by running GnuPG three times:

  gpg --export --armor > pubkeys.txt
  gpg --export-secret-keys --armor > seckeys.txt
  gpg --export-ownertrust > ownertrust.txt

...then copying those files over to the other installation and
importing them there with the --import, --import-secret-keys, and
--import-ownertrust options.

Still, for the present, all keyrings on all versions of GnuPG seem
to be compatible, so, *for the present*, it is easier to just copy
the files over.  The whole point is, that's not guaranteed to work
forever :)

G'luck,
Peter

-- 
Peter Pentchev	roam at ringlet.net    roam at space.bg    roam at FreeBSD.org
PGP key:	http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint	FDBA FD79 C26F 3C51 C95E  DF9E ED18 B68D 1619 4553
What would this sentence be like if it weren't self-referential?
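
The three-step export and import described in the message above, followed by a check that fingerprints and ownertrust match on both sides, as an added example that is not part of the original post. It assumes both GnuPG home directories are reachable from one machine through `--homedir` (the directory arguments and function names are hypothetical), and it passes the secret-key file to `--import`.

```shell
#!/bin/sh
# Added example: portable keyring transfer with a post-import check.
# The two home directories given on the command line are hypothetical.
umask 077   # seckeys.txt holds secret key material; keep it owner-only

# Read `gpg --with-colons` output on stdin, print sorted unique fingerprints.
fingerprints() {
    awk -F: '$1 == "fpr" { print $10 }' | sort -u
}

# Drop the comment header (it carries a timestamp) from ownertrust output.
trust_records() {
    grep -v '^#' | sort
}

export_keyrings() {   # $1 = source home, $2 = output directory
    gpg --homedir "$1" --export --armor > "$2/pubkeys.txt" &&
    gpg --homedir "$1" --export-secret-keys --armor > "$2/seckeys.txt" &&
    gpg --homedir "$1" --export-ownertrust > "$2/ownertrust.txt"
}

import_keyrings() {   # $1 = destination home, $2 = directory with the files
    gpg --homedir "$1" --import "$2/pubkeys.txt" &&
    gpg --homedir "$1" --import "$2/seckeys.txt" &&
    gpg --homedir "$1" --import-ownertrust "$2/ownertrust.txt"
}

# Succeeds only if both homes list the same public keys, secret keys and trust.
verify_transfer() {   # $1 = source home, $2 = destination home
    for list in --list-keys --list-secret-keys; do
        a=$(gpg --homedir "$1" --with-colons --fingerprint "$list" | fingerprints)
        b=$(gpg --homedir "$2" --with-colons --fingerprint "$list" | fingerprints)
        [ "$a" = "$b" ] || { echo "mismatch in $list" >&2; return 1; }
    done
    a=$(gpg --homedir "$1" --export-ownertrust | trust_records)
    b=$(gpg --homedir "$2" --export-ownertrust | trust_records)
    [ "$a" = "$b" ] || { echo "ownertrust mismatch" >&2; return 1; }
}

# Usage: transfer.sh SRC_HOME DST_HOME
if [ "$#" -eq 2 ]; then
    tmp=$(mktemp -d) || exit 1
    trap 'rm -rf "$tmp"' EXIT
    export_keyrings "$1" "$tmp" && import_keyrings "$2" "$tmp" &&
        verify_transfer "$1" "$2" && echo "transfer verified"
fi
```

When the two installations are on different machines, run `export_keyrings` on one and `import_keyrings` on the other, then compare the `fingerprints` output of each side by hand.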