Restoring keyring from backup fails

Ángel angel at pgp.16bits.net
Fri Apr 24 03:57:40 CEST 2020


On 2020-04-20 at 23:15 -0400, Robert J. Hansen wrote:
> > Any ideas what might be the cause, or how I can find out what's wrong?
> 
> GnuPG 2.2 changed the way it stores public and private keys.  If your
> old installation was GnuPG 2.0 and the new one is 2.2, that might
> explain things.  The fix is pretty easy, though.  Check your versions
> and let us know what's up.  :)


GnuPG 2.2 is able to work with an old keyring. I think the problem is
that the step
> Replace the content of the .gnupg folder with my backup.

meant keeping everything in .gnupg, overwriting files that were present
in the system. Thus, I presume:
* Before moving over the keys he ran gpg on the new system. This will
have created a ~/.gnupg/pubring.kbx file.
* He added (overwriting) to ~/.gnupg the contents of the old ~/.gnupg
* There was no pubring.kbx in the old system, so it happily used
pubring.gpg
* The new system sees that there is a pubring.kbx, and uses it, not
pubring.gpg as their contents would have been migrated,

Thus, he has two completely different behaviors with the same gnupg
version and (apparently) the same keyring.

It would be possible to import the old keys into the new format, but as
we don't need to merge different keyrings, I recommend to just remove
(move somewhere else) the ~/.gnupg folder in the new system and extract
there the contents of the old one.

Additionally, there may be a gpg-agent instance running. Kill that to
ensure that a new one is spawned.


Kind regards





More information about the Gnupg-users mailing list