Changes in GnuPG
Damien Goutte-Gattat
dgouttegattat at incenp.org
Mon Jan 6 23:43:51 CET 2020

On Mon, Jan 06, 2020 at 04:42:40PM +0100, azbigdogs at gmx.com wrote:
>I'm still a bit confused on the changes in secring. How does it come up
>with the names for those "new" keys as it doesn't seem to correlate
>with anything I can see on the keys.

Files under the $GNUPGHOME/private-keys-v1.d directory are named after
the *keygrips* of the keys.

A keygrip is similar in principle to an OpenPGP fingerprint, but is
computed on a data structure that is independent of any protocol
(contrary to an OpenPGP fingerprint, which is computed over an OpenPGP
packet).

GnuPG, which since its version 2.0 implements both OpenPGP and S/MIME,
uses keygrips internally to refer to a key independently of the protocol
with which the key is to be used.

You can use the --with-keygrip option when listing keys to have GnuPG
display the keygrips, and check that they match the filenames you see in
the $GNUPGHOME/private-keys-v1.d directory.

>For them to go away from the OpenPGP standard it obviously had to make
>sense to them

The OpenPGP standard dictates how compliant implementations
interoperate. It says nothing about what the implementations shall do
internally.

Keygrips are strictly an internal implementation detail of GnuPG. When
it interacts with the outside world (e.g. when exporting a key), GnuPG
still follows the OpenPGP standard.

Cheers,

- Damien
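
The check described in the message above (listing keygrips and matching them against the file names in private-keys-v1.d), written out as an added example that is not part of the original post or of GnuPG itself. The function names and the sample listing are constructed for illustration; the fallback to $HOME/.gnupg when GNUPGHOME is unset is an assumption about a default Unix setup.

```sh
#!/bin/sh
# Added example: match keygrips from a colon listing against key file names.

# Print the keygrip (field 10 of each "grp" record) found in the output of:
#   gpg --list-secret-keys --with-colons --with-keygrip
keygrips_from_colons() {
    awk -F: '$1 == "grp" && $10 != "" { print $10 }' | sort -u
}

# check_private_keys DIR: read the colon listing on stdin and print
#   "present GRIP"   when DIR/GRIP.key exists,
#   "missing GRIP"   when a listed key has no file in DIR,
#   "unlisted GRIP"  when DIR holds a file that no listed key refers to.
check_private_keys() {
    dir=$1
    grips=$(keygrips_from_colons)
    for g in $grips; do
        if [ -f "$dir/$g.key" ]; then echo "present $g"; else echo "missing $g"; fi
    done
    for f in "$dir"/*.key; do
        [ -e "$f" ] || continue            # directory has no .key files
        name=$(basename "$f" .key)
        printf '%s\n' "$grips" | grep -qxF "$name" || echo "unlisted $name"
    done
}

# Constructed sample listing: key IDs, fingerprints and keygrips are made up.
sample_listing() {
    cat <<'EOF'
sec:u:255:22:1111111111111111:1578300000:::u:::scESC:::+::ed25519:::0:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAA1111111111111111:
grp:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:u::::1578300000::BBBB::Constructed User <user@example.org>::::::::::0:
ssb:u:255:18:2222222222222222:1578300000::::::e:::+::cv25519::
fpr:::::::::CCCCCCCCCCCCCCCCCCCCCCCC2222222222222222:
grp:::::::::89ABCDEF0123456789ABCDEF0123456789ABCDEF:
EOF
}

# Real use (assumes gpg 2.1 or later is installed):
#   gpg --list-secret-keys --with-colons --with-keygrip |
#       check_private_keys "${GNUPGHOME:-$HOME/.gnupg}/private-keys-v1.d"
```
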