Upgrade query

Robert J. Hansen rjh at sixdemonbag.org
Tue Sep 24 04:53:31 CEST 2019 

> Migrating from 1.4 to 2.2 is not quite *that* simple, but it isn't hard.
>  A while ago I put together some detailed how-to notes: let me dig them
> up and I'll get back to you.

Can't immediately find them, but here goes.  This is a bit of a process
but it will leave you with a fresh, clean GnuPG 2.2 directory with all
of your GnuPG 1.4 data intact.  And it should also cover the vast
majority of the odd corner cases, too.



1.  Start by backing up your ~/.gnupg directory.  We're going to be
nuking, paving, and rebuilding.  Don't skip this, as there will be files
in here you'll definitely need.

2.  Get a list of every ultimately-trusted key on your keyring.  I do
this with standard command-line tools:

$ gpg --fixed-list-mode --with-colons --list-keys | \
  grep "^pub:u:" | cut -d ":" -f 5 > ~/trusted_keys.txt

3.  Export your entire public and private keyrings.

$ gpg --export-options export-local-sigs,export-sensitive-revkeys \
      --export > ~/pubkeys.gpg
$ gpg --export-secret-keys > ~/privkeys.gpg

4.  Kill gpg-agent.

$ killall gpg-agent

4.  Empty the ~/.gnupg dir.

$ rm -rf ~/.gnupg/*

5.  From the backup you made in step 1, restore the following files.
(You may not have all of them.  If you're missing some, or even most,
that's okay.)

    dirmngr.conf
    dirmngr.conf-1
    dirmngr.conf-1.4
    gpa.conf (no -1, -1.4 variants exist)
    gpg.conf
    gpg.conf-1
    gpg.conf-1.4
    gpg-agent.conf
    gpg-agent.conf-1
    gpg-agent.conf-1.4
    gpgsm.conf
    gpgsm.conf-1
    gpgsm.conf-1.4
    policies.txt
    scdaemon.conf
    scdaemon.conf-1
    scdaemon.conf-1.4
    scd-event
    sshcontrol
    trustlist.txt

6.  Look in your new ~/.gnupg dir for GnuPG 1.4-specific configuration
files:

$ ls ~/.gnupg/*.conf-1*

Then look for unversioned configuration files:

$ ls ~/.gnupg/*.conf

If you have, e.g., a gpg.conf-1 file but not a gpg.conf file, make a new
unversioned file out of the old one.  E.g.,

$ cp ~/.gnupg/gpg.conf-1 ~/.gnupg/gpg.conf

7.  Import your secret keys into gpg2:

$ gpg2 --import ~/sec.gpg
$ gpg2 --import-options import-local-sigs,import-clean \
       --import ~/pub.gpg

8.  Mark your previously ultimate-trusted keys as ultimate-trusted
again.  For each key in your ~/trusted_keys.txt file,

$ gpg2 --edit-key [insert key ID here] trust

Set each trust to ultimate by typing '5'.




... You should be done!

More information about the Gnupg-users mailing list