Question about using additional keyrings

David Shaw dshaw at
Thu Mar 5 06:02:21 CET 2009

On Mar 4, 2009, at 11:20 PM, Faramir wrote:

> Well, I followed the tutorial that shows how to use just subkeys
> (without the main key), in order to keep the main key a bit safer than
> usual. But that made me play a bit with the GPGShell options for GPG,
> and managed to make it work, allowing to easily access my "whole"  
> keys,
> and to switch to subkeys after using them. The "magic" is done by  
> adding
> the following line to gpg.conf:
> secret-keyring z:\gpghome\secring.gpg
> (that's the location of the secring that has the unedited keys)
> But my question is: what does that line do? When it is in gpg.conf, do
> I have the 2 secrings at the same time, or it replaces the usage of  
> the
> keyring located in gpghome with the one on my z drive?

Here's how it works: GPG allows for multiple public keyrings (via  
"keyring") and multiple secret keyrings (via "secret-keyring").  The  
default public keyring is $GNUPGHOME/pubring.gpg.  The default secret  
keyring is $GNUPGHOME/secring.gpg.  Any keyrings, public or secret,  
that you add are in addition to those defaults.  If you don't want the  
defaults to be present at all, use --no-default-keyring.

Thus in your case, you have two secret keyrings, unless there is a -- 
no-default-keyring somewhere or $GNUPGHOME/secring.gpg does not exist.


More information about the Gnupg-users mailing list