The Facts:

Werner Koch wk at gnupg.org
Sat Nov 15 21:24:19 CET 2014


On Sat, 15 Nov 2014 19:10, johanw at vulcan.xs4all.nl said:

> I believe there exist some differences between gpg2 keyrings and gpg 1.x
> keyrings, but I don't know the details. Does gpg2 still use trustdb.gpg?

No.  Only with 2.1 there is the new keybox format (pubring.kbx) which
will be used for new installations but an existing pubring.gpg from pre
2.1 will be used if it exists.

> And since gpg 2.1 dropped v3 key support, how does it react on a keyring
> with v3 keys in it?

At the next write access to the keyring v3 keys are removed.

David sent me one of his mails privately without mentioning that he also
sent it to the ML :-(.  I looked at it anyway; see below.


Salam-Shalom,

   Werner


On Sat, 15 Nov 2014 12:58, david at gbenet.com said:

> sec   4096R/AAD8C47D 2014-08-17
> uid                  postmaster (There's always light at the end of the tunnel)
> <postmaster at gbenet.com>
> ssb   4096R/FDDA1EF2 2014-08-17
>
> david at laptop-1:/media/store$
>
> gpg --output mykey1.asc --export -a AAD8C47D
> gpg --output mykey2.asc --export -a FDDA1EF2

You are about to export the same key twice.  Unless special options are
used the --export command exports the main key "sec" and all subkeys
"ssb".  Not a problem but may be surprising.

> gpg: can't handle public key algorithm 19
> gpg: can't handle public key algorithm 18

You played with the new ECC algorithms but not a problem.


> david at laptop-1:/media/store$
>
> gpg -ao allow-non-selfsigned-uid david-public.key --export FDDA1EF2

You wrote output to the file "allow-non-selfsigned-uid" ;-)


> gpg: writing to `david-public.key'
> gpg: can't handle public key algorithm 19
> gpg: can't handle public key algorithm 18
> david at laptop-1:/media/store$
>
> Got the same error message. There's something wrong with subkey binding signatures for
> secret keys.

I can't see an error message. "can't handle public..." are just warnings
about some other keys found in the keyring or your key?

> david at laptop-1:/media/david/store$ gpg -ao --import --allow-non-selfsigned-uid david-public.key
> gpg: armour header: Version: GnuPG v1.4.11 (GNU/Linux)
> pub  4096R/AAD8C47D 2014-08-17 postmaster (There's always light at the end of the tunnel)
> <postmaster at gbenet.com>
> sig        AAD8C47D 2014-11-15   [selfsig]
> gpg: can't handle public key algorithm 19
> gpg: can't handle public key algorithm 18
> sig        32521C09 2014-08-25   Carolyn Hoyle (I respect privacy) <carolynbelkair at yahoo.co.uk>
> sub  4096R/FDDA1EF2 2014-08-17
> sig        AAD8C47D 2014-08-17   [keybind]
> david at laptop-1:/media/david/store$


It seems that you have ECC subkeys on your key or signed a key with an
ECC key.  I can't check that because the keyservers do not yet all
support ECC.

> "Key 0xAAD8C47D not found or not valid. The (sub-)key might of expired."

Please send me your complete key.  The copy from the keyservers might
not be complete.  --export is sufficient.


Salam-Shalom,

   Werner




-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
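
Added example, not part of the original message and not GnuPG code: a small Python scanner that walks a binary `--export` file and reports each key packet's version and public-key algorithm, marking v3 keys (which 2.1 removes at the next keyring write) and the ECC algorithm IDs 18 (ECDH) and 19 (ECDSA) that 1.4 reports as "can't handle public key algorithm". The function names are illustrative and the sample bytes are constructed with dummy key material; armored input has to be dearmored first (for instance with `gpg --dearmor`).

```python
KEY_TAGS = {5: "sec", 6: "pub", 7: "ssb", 14: "sub"}   # RFC 4880 key packet tags
ALGOS = {1: "RSA", 16: "Elgamal", 17: "DSA", 18: "ECDH", 19: "ECDSA"}

def packets(data):  # yield (tag, body) for each packet of a binary OpenPGP stream
    i = 0
    while i < len(data):
        hdr = data[i]
        i += 1
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if hdr & 0x40:                                  # new-format header
            tag, first = hdr & 0x3F, data[i]
            i += 1
            if first < 192:
                n = first
            elif first < 224:
                n = ((first - 192) << 8) + data[i] + 192
                i += 1
            elif first == 255:
                n = int.from_bytes(data[i:i + 4], "big")
                i += 4
            else:
                raise ValueError("partial body lengths are not handled here")
        else:                                           # old-format header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 3
            if ltype == 3:
                raise ValueError("indeterminate lengths are not handled here")
            size = 1 << ltype                           # 1, 2 or 4 length octets
            n = int.from_bytes(data[i:i + size], "big")
            i += size
        yield tag, data[i:i + n]
        i += n

def scan_keys(data):  # return (kind, version, algorithm, note) per key packet
    found = []
    for tag, body in packets(data):
        if tag in KEY_TAGS:
            version = body[0]
            algo = body[7] if version < 4 else body[5]  # v3 has 2 extra validity octets
            # "v3": dropped by 2.1 on write; "ecc": algorithm 18/19, unknown to 1.4
            note = "v3" if version < 4 else "ecc" if algo in (18, 19) else "ok"
            found.append((KEY_TAGS[tag], version, ALGOS.get(algo, str(algo)), note))
    return found

# Constructed sample: packet headers are well-formed, key material is zero bytes.
SAMPLE = bytes.fromhex(
    "99000e 04 00000000 01 0000000000000000"        # pub, v4, RSA
    "cd04 74657374"                                  # user ID packet "test"
    "b9000e 04 00000000 12 0000000000000000"        # sub, v4, algorithm 18 (ECDH)
    "990010 03 00000000 0000 01 0000000000000000")  # pub, v3, RSA
```

Run `scan_keys(open("export.gpg", "rb").read())` on a binary export (the file name is a placeholder) to see which entries a 1.4 or 2.1 installation would treat differently.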




More information about the Gnupg-users mailing list