Some questions about working with different versions of GnuPG and the fsfe's card on subkeys doc

stebe at stebe at
Fri Feb 12 11:43:37 CET 2016


just a few more questions on key generation and the fsfe doc (1) 

Following the indications in the referred document I have used a LIVE OS
for all the steps indicated in it (up to now), and GnuPG version 2.1.9.

I understand that the sections starting with "Removing the master key from
the keyring" up to "Remove backups from your machine" have to be performed
on the machine/OS I actually use to work/communicate with gpg/Enigmail
(GnuPG version 2.0.19).

1) To do so, is it enough to use the backup of private-keys-v1.d and
pubring.kbx I stored on a separate USB flash drive and reimport that to
the actual machine/OS I use (and then perform the steps described in the
referred doc as there are Remove main encryption subkey/Export secret
subkeys/Remove secret master key/Reimport the subkey stubs etc.)? 
Or should I in any case make a complete backup of the live system's
~/.gnupg before stopping it? I haven't manually configured anything in
gpg.conf there.
The target OS I'll use has gpg 2.0.19 installed. 
The pubring file format used there is different (.gpg). There is also
In this secring.gpg there are still secret keys of disabled/revoked keys.
I have made a separate backup of it. I understand that the .kbx format
used in 2.1.x holds some information of what in 2.0.19 is stored in the
secring (or did I misunderstand that?). Is it at all possible to do what I
plan to do?  
2) Will it thus suffice to export my new pub key from pubring.kbx on the
separate flash drive and reimport it (in)to pubring.gpg on the target OS
AND copy the private-keys-v1.d folder to the .gnupg directory of the
target OS (and then perform the remaining steps)?
Or is there something else I should take into account?

Any confirmation/help appreciated.




More information about the Gnupg-users mailing list