Restoring keyring from backup fails

Ángel angel at pgp.16bits.net
Sat Apr 25 23:53:16 CEST 2020


On 2020-04-25 at 00:20 +0200, Mike Grunweg wrote:
> On 24.04.20 at 03:57, Ángel wrote:
> > On 2020-04-20 at 23:15 -0400, Robert J. Hansen wrote:
> >>> Any ideas what might be the cause, or how I can find out what's wrong?
> >> GnuPG 2.2 changed the way it stores public and private keys.  If your
> >> old installation was GnuPG 2.0 and the new one is 2.2, that might
> >> explain things.  The fix is pretty easy, though.  Check your versions
> >> and let us know what's up.  :)
> > GnuPG 2.2 is able to work with an old keyring. I think the problem is
> > that the step
> >> Replace the content of the .gnupg folder with my backup.
> > meant keeping everything in .gnupg, overwriting files that were present
> > in the system. Thus, I presume:
> > * Before moving over the keys he ran gpg on the new system. This will
> > have created a ~/.gnupg/pubring.kbx file.
> > * He added (overwriting) to ~/.gnupg the contents of the old ~/.gnupg
> > * There was no pubring.kbx in the old system, so it happily used
> > pubring.gpg
> > * The new system sees that there is a pubring.kbx, and uses it, not
> > pubring.gpg as their contents would have been migrated,
> >
> > Thus, he has two completely different behaviors with the same gnupg
> > version and (apparently) the same keyring.
> >
> > It would be possible to import the old keys into the new format, but as
> > we don't need to merge different keyrings, I recommend to just remove
> > (move somewhere else) the ~/.gnupg folder in the new system and extract
> > there the contents of the old one.
> >
> > Additionally, there may be a gpg-agent instance running. Kill that to
> > ensure that a new one is spawned.
> >
> >
> > Kind regards
> Thanks so much, this suggestion worked like a charm!
> 
> From what I can tell, Ángel's diagnosis was pretty much spot on.
> - Indeed, the old ~/.gnupg didn't have a pubring.kbx file.
> - The new system did have a ~/.gnupg/pubring.kbx file.
>   I presumably ran gnupg before (via an external program which started it).
> 
> 
> Thus, for the record, I did the following to finally have my keys
> properly recognised.
> 1. Kill any gpg-agent instance running.
> 2. Removed my ~/.gnupg folder (move it to a new folder).
> Omitting step 1 is not advisable: without terminating any running
> gpg-agent instances, moving the folder resulted in the creation of a new
> ~/.gnupg folder, containing a pubring.kbx file, which defeated the
> entire point of moving these files.
> 3. Move the key parts of the old folder to the new .gnupg folder.
>    At first I moved just the files pubring.gpg, secring.gpg, and
> trustdb.gpg. This was NOT quite what I wanted:
>      at least in gnupg 2.2, private keys are not stored in the file
> secring.gpg any more, but in the private-keys-v1.d subdirectory.
>    Synchronising that directory was the thing to do, and worked
> perfectly then.
> 
> Best,
> Mike


Adding back the list.

Glad it worked, Mike!
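
The two conditions diagnosed in this thread, as a small shell check; this is an added example, not part of the original messages. It reports when pubring.kbx shadows pubring.gpg and when private-keys-v1.d holds no key files. The function name check_gnupg_home, its output keywords and the sample directory are constructed for illustration.

```shell
# Added example (not from the thread): inspect a GnuPG home directory for the
# two problems discussed above. check_gnupg_home is a hypothetical helper name.
check_gnupg_home() {
    dir=$1
    result=0
    if [ ! -d "$dir" ]; then
        echo "MISSING $dir is not a directory"
        return 2
    fi
    # Public keys: as diagnosed in the thread, an existing pubring.kbx is
    # used and a pubring.gpg next to it is not.
    if [ -f "$dir/pubring.kbx" ] && [ -f "$dir/pubring.gpg" ]; then
        echo "SHADOWED pubring.kbx exists, so pubring.gpg is not used"
        result=1
    elif [ -f "$dir/pubring.gpg" ]; then
        echo "OK legacy pubring.gpg will be used"
    elif [ -f "$dir/pubring.kbx" ]; then
        echo "OK pubring.kbx will be used"
    else
        echo "EMPTY no public keyring file found"
        result=1
    fi
    # Private keys: GnuPG 2.2 keeps them in private-keys-v1.d, one .key file
    # each, so the thread's fix was to synchronise that directory.
    keys=0
    for f in "$dir"/private-keys-v1.d/*.key; do
        if [ -f "$f" ]; then keys=$((keys + 1)); fi
    done
    if [ "$keys" -gt 0 ]; then
        echo "OK $keys private key file(s) in private-keys-v1.d"
    else
        echo "NOKEYS private-keys-v1.d holds no .key files"
        result=1
    fi
    return "$result"
}

# Constructed sample: a fresh pubring.kbx beside restored pubring.gpg and
# secring.gpg, with private-keys-v1.d left unsynchronised.
demo=$(mktemp -d)
mkdir "$demo/private-keys-v1.d"
touch "$demo/pubring.kbx" "$demo/pubring.gpg" "$demo/secring.gpg"
check_gnupg_home "$demo" || true
rm -rf "$demo"
```

To check a real restore, call `check_gnupg_home "$HOME/.gnupg"` after the old directory has been copied into place.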




