How to join pubring.kbx and pubring.gpg?

Binarus lists at
Wed Jun 14 16:04:40 CEST 2017

Dear experts,

I am running Thunderbird, Enigmail and gpg4win on Windows 7. All
components are up to date, and I am using this combination successfully
since several years for signing, encrypting and decrypting email messages.

Now, for the first time, a new communication partner won't provide his
public GPG key directly, but only in form of a .p7b certificate. Since
several hours, I am having a remarkably hard time trying to import his
public key into the setup mentioned above.

1) gpgsm seems to be the only tool which can be used to extract public
keys or convert certificates from the .p7b format to the format needed
by GPG. Fortunately, gpgsm is included in the gpg4win package, so I
could use it on my system.

2) But whatever I did, I could not see the new public keys in the key
list gpg shows. So I tracked the issue further down and noticed:

gpg -k correctly lists the keys I have currently in use, but not the
new, imported key.

gpgsm -k correctly lists the new key, but not the keys I have currently
in use.

3) Further research lead me to this post:

This at least gave me a vague idea about what might be going on.
Obviously, gpgsm had imported the new key into pubring.kbx, but not into
pubring.gpg (note: This seems to be expected behavior as I have found
out in the meantime).

So I closed Thunderbird and deleted pubring.gpg for testing purposes.
According to the post mentioned above, GPG then should have used
pubring.kbx instead of pubring.gpg, so I expected to see the new,
imported key when issuing gpg -k.

But instead, gpg -k generated a new (empty) pubring.gpg instead of using

4) I have found no way to make GPG use pubring.kbx although I have
double checked that I am using the most recent version of gpg4win,
meaning that I am using gpg2. I also have double checked the
installation directory; there is no gpg.exe, but there is gpg2.exe (and
gpgv2.exe, whatever that might be). So it should use pubring.kbx,
shouldn't it?

5) I have found no way to convert pubring.kbx to pubring.gpg, or to join

To summarize: I have a .pb7 certificate with a public PGP key. I can
import it to pubring.kbx. I can't import it to pubring.gpg. I can't use
it because gpg4win uses pubring.gpg. I can't convert pubring.kbx to
pubring.gpg. I can't join pubring.kbx with pubring.gpg.

Does anybody have an idea how I could get out of this? I have access to
full-blown Linux systems, so I could perform all conversions or import
steps on Linux if necessary. But I still have to use the end results
under Windows with the setup mentioned at the beginning of this post.

Thank you very much,


More information about the Gnupg-users mailing list