GPGrelay does not recognize Gpg-2.1 keys; Gpg4win-3beta...

Peter Lebbing peter at digitalbrains.com
Thu Feb 11 12:29:29 CET 2016


First of all... it was established in this thread that you could not
share the key store between GnuPG 2.1 and 1.4. Why is that the case? I
can happily do that here on Linux. The only gotcha is that you don't
profit from the speed gains GnuPG 2.1 gets from the new format of the
key store. Oh, and there might be some issues with elliptic curve keys
as 1.4 can't work with those, but I think it just means GnuPG 1.4 will
complain a bit and not be able to use the elliptic curve keys, but
otherwise keep working. Perhaps I missed a message in the thread, or I'm
missing some knowledge about Windows. If you were to delete your GnuPG
homedir to start fresh (backups though!), then import keys in 1.4 before
you ever start 2.1, wouldn't 2.1 simply pick up the old key store format
from 1.4 and work with that? That would seem the best option here if
that were possible...

On 11/02/16 11:00, gnupgpacker wrote:
> I did get it running even on Windows:
> gpg2\gpg2.exe --export --output C:\temp\exported.keys
> gpg14\gpg.exe --import C:\temp\exported.keys

A word of warning: the best way to phrase the first command is as:

gpg2\gpg2.exe --output C:\temp\exported.keys --export

Options come before commands. After --export, you specify which keys to
export. Some common reorderings are recognised and "fixed for you", but
it might bite you with a different command. So: options come before
commands!

Furthermore, pipes do generally work on Windows. The last time I did
anything at a command prompt in Windows is seriously long ago, though.
Wouldn't this work?

gpg2\gpg2.exe --export | gpg14\gpg.exe --import

> BUT: If a key is deleted in Gpg2 version of keyring, with the above
> method it is NOT deleted in Gpg's keyring while importing.

Yes, --import is to add keys to your keyring or update existing keys
with new information.

> So is there an option for 'synchronisation' while importing (e.g.
> deleted keys in source export will be deleted while importing)?

Hmmmm. I can't think of a good way. You could choose to delete keys from
both programs yourself; every time you delete a key in GnuPG 2.1, also
delete it in GnuPG 1.4.

Deleting the keys beforehand is theoretically an option, but you would
have to do an --export-trustdb before (I'd take the gpg2 for that) and
an --import-trustdb afterwards, because you lose all trust settings.
However, I don't even know of any other way to delete all keys than the
rather rude way of deleting pubring.gpg. I can't think of a way to
specify a user ID that would match all keys in the command --delete-keys.

Deleting pubring.gpg seems to preserve private keys; if I import all
public keys including the ones I have the private key for, the private
key also "comes back" as it survived in secring.gpg.

Also, it's a process that takes a large amount of time as it has to
reprocess everything, including recomputing the key validity.

Maybe someone else has a bright idea.

Meanwhile, here is a not recommended way to do it... If your GnuPG home
directory is where I would expect it. I have no experience whatsoever
with GnuPG on Windows, so I'm just guessing based on what a quick
internet search gives me. You might need to adjust it.

Also, it is potentially dangerous. I'm very reluctant to suggest to
someone, without any knowledge about their specific situation, to run a
"del" command like that. Please, make backups, make your own judgement,
don't type commands unless you understand exactly what they do. It
might, for instance, delete your keys from a different installation of
GnuPG, such as gpg2.exe.

gpg2\gpg2.exe --export-ownertrust >C:\temp\exported.trust
gpg2\gpg2.exe --output C:\temp\exported.keys --export
del %APPDATA%\GNU\GnuPG\pubring.gpg
gpg14\gpg.exe --import C:\temp\exported.keys
gpg14\gpg.exe --import-ownertrust C:\temp\exported.trust
gpg14\gpg.exe --check-trustdb

Oh, you could do:

echo %APPDATA%

to see where that actually points to.

I'm not sure why --export-ownertrust doesn't allow you to specify a file
to export to, but --import-ownertrust does allow you to specify a file
to import from. But it means you need the redirect I used for exporting.

HTH,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
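
One way to approach the 'synchronisation' question raised in this message, as an added example that is not part of the original post or of GnuPG: compare the `--with-colons` listings of both installations and derive which primary keys exist only in the 1.4 keyring. The function names and the sample listings are constructed for illustration; the script only builds the `--delete-keys` commands and does not run them.

```python
import subprocess

def primary_fingerprints(colon_listing):
    """Return primary-key fingerprints from `--with-colons` output.

    Only the first fpr record after each pub record is taken; fpr records
    that follow sub records belong to subkeys and are skipped.
    """
    found, want_fpr = set(), False
    for line in colon_listing.splitlines():
        fields = line.split(":")
        if fields[0] == "pub":
            want_fpr = True
        elif fields[0] == "fpr" and want_fpr and len(fields) > 9:
            found.add(fields[9].upper())
            want_fpr = False
        elif fields[0] in ("sub", "sec", "ssb"):
            want_fpr = False
    return found

def stale_keys(source_listing, target_listing):
    """Fingerprints present in the target keyring but gone from the source."""
    return sorted(primary_fingerprints(target_listing) - primary_fingerprints(source_listing))

def delete_commands(target_gpg, fingerprints):
    """Build one --delete-keys argv per stale key, options before the command."""
    return [[target_gpg, "--batch", "--yes", "--delete-keys", fpr] for fpr in fingerprints]

def list_keys(gpg):
    """Run a gpg binary and return its machine-readable public key listing."""
    return subprocess.run([gpg, "--with-colons", "--fingerprint", "--list-keys"],
                          capture_output=True, text=True, check=True).stdout

# Constructed sample listings (key IDs and fingerprints are made up).
SAMPLE_GPG2 = """tru::1:1455190000:0:3:1:5
pub:u:2048:1:AAAAAAAAAAAAAAA1:1400000000:::u:::scESC:
fpr:::::::::1111111111111111111111111111111111111111:
uid:u::::1400000000::HASH::Alice <alice@example.org>:
sub:u:2048:1:BBBBBBBBBBBBBBB1:1400000000::::::e:
fpr:::::::::2222222222222222222222222222222222222222:
"""
SAMPLE_GPG14 = SAMPLE_GPG2 + """pub:-:2048:1:CCCCCCCCCCCCCCC1:1300000000:::-:Bob <bob@example.org>::scESC:
fpr:::::::::3333333333333333333333333333333333333333:
"""

if __name__ == "__main__":
    # Dry run: print what would be removed from the 1.4 keyring, run nothing.
    for argv in delete_commands(r"gpg14\gpg.exe", stale_keys(SAMPLE_GPG2, SAMPLE_GPG14)):
        print(" ".join(argv))
```

With real keyrings, the two listings would come from `list_keys()` called once per installation; review the printed commands before running any of them.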


