GPGrelay does not recognize Gpg-2.1 keys; Gpg4win-3beta...

Peter Lebbing peter at
Fri Feb 12 11:41:04 CET 2016

On 12/02/16 10:28, Matthias Mansfeld wrote:
> Maybe it will become a bit more complicated if it is necessary to 
> keep the keyrings syncronized in both directions.

Hehe :). Okay, I'll humour you :).

I'd probably extract all known keys from both installations, and
propagate deletions. You also still need to transfer keys known to both
installations, since there might be updates to the keys. Additionally,
all the "del..." commands in --edit-key, as well as things like "clean"
and stuff, become pretty impossible without doing it in both
installations before you sync.

gpg2 --fingerprint --with-colons -k | grep ^fpr | cut -d: -f 10

This gives a list of the fingerprints of all public keys known to gpg2.
However, it is using standard Unix tools which might not be available
(by default?) on Windows. Similarly, I'd continue to write a Bash script
that extracts the common set and the differences, and applies any
deletions on either side in addition to transferring the common set both
ways to get any new information.

Obviously, you can't tell the difference between a previously common key
that got deleted on one side and a key that got added on the other side.
So you need to keep the list of fingerprints from the previous sync to
tell the difference. You might even get update conflicts; I can't think
of a way right away though.

For the trust database, it's easy to imagine a conflict. If I set a
different trust level on either side, which one prevails? I do have to
say this is a perfect reason to alert the operator. You completely trust
someone when you're using GnuPG 2, but only marginally using 1.4? Make
up your mind! :)


I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <>

More information about the Gnupg-users mailing list