Will gpg 1.x remain supported for the foreseeable future?

Werner Koch wk at gnupg.org
Wed Jan 17 10:09:50 CET 2018


On Wed, 17 Jan 2018 01:26, dank at kegel.com said:

> I'm starting to suspect that using version 2.x of gnupg is simply not
> a good idea when writing shell scripts that have to run unattended
> and not touch system keychains or agents.

Actually 2.2 is much easier to script than 2.1.  Watch out for all these
new --quick-foo commands.  There are also very useful new
--export-options and --import-options.

Regarding the passphrase to protect private keys: Please rethink your
design if you need a passphrase for unattended systems.  If that does
not work for you: --pinentry-mode=loopback works reasonable well.

> from debian does not support version 2's keybox format, so I had
> to drop back to gpg version 1 anyway.

I am stating this for nearly 20 years: The format of pubring.gpg or
pubring.kbx is intern to the gpg implementation and does not constitute
any specified API.  The same goes for most files in GnuPG's home
directory.  To work with public or private keys the --import and
--export commands are to be used.

Just in case: Always use --batch, --status-fd, and --with-colon in
scripts.


Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20180117/6836ad64/attachment.sig>


More information about the Gnupg-users mailing list