Changes in GnuPG

Damien Goutte-Gattat dgouttegattat at incenp.org
Mon Jan 6 23:43:51 CET 2020


On Mon, Jan 06, 2020 at 04:42:40PM +0100, azbigdogs at gmx.com wrote:
>I'm still a bit confused on the changes in secring. How does it come up
>with the names for those "new" keys as it doesn't seem to correlate
>with anything I can see on the keys.

Files under the $GNUPGHOME/private-keys-v1.d directory are named after 
the *keygrips* of the keys.

A keygrip is similar in principle to an OpenPGP fingerprint, but is 
computed on a data structure that is independent of any protocol 
(contrary to an OpenPGP fingerprint, which is computed over an OpenPGP 
packet).

GnuPG, which since its version 2.0 implements both OpenPGP and S/MIME, 
uses keygrips internally to refer to a key independently of the protocol 
with which the key is to be used.

You can use the --with-keygrip option when listing keys to have GnuPG 
display the keygrips, and check that they match the filenames you see in 
the $GNUPGHOME/private-keys-v1.d directory.


>For them to go away from the OpenPGP standard it obviously had to make
>sense to them

The OpenPGP standard dictates how compliant implementations 
interoperate. It says nothing about what the implementations shall do 
internally.

Keygrips are strictly an internal implementation detail of GnuPG. When 
it interacts with the outside world (e.g. when exporting a key), GnuPG 
still follows the OpenPGP standard.


Cheers,

- Damien
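
The check described in the message (list the keygrips, then match them against the filenames under private-keys-v1.d), as an added example that is not part of the original message or of GnuPG itself. The function names are hypothetical and the sample data is constructed; the script relies on the keygrip appearing in field 10 of the `grp` records of `--with-colons` output and on the files being named `<keygrip>.key`.

```shell
#!/bin/sh
# Added example: compare keygrips in a colon-format key listing with the
# files in private-keys-v1.d. All function names here are hypothetical.

# Keygrips from the "grp" records (field 10) of a listing produced by:
#   gpg --list-secret-keys --with-keygrip --with-colons > listing
keygrips_from_listing() {
    awk -F: '$1 == "grp" && $10 != "" { print toupper($10) }' "$1" | LC_ALL=C sort -u
}

# Keygrips implied by the <keygrip>.key filenames in a directory.
keygrips_from_dir() {
    for f in "$1"/*.key; do
        [ -e "$f" ] || continue          # directory has no *.key files
        basename "$f" .key | tr 'a-f' 'A-F'
    done | LC_ALL=C sort -u
}

# One line per keygrip:
#   ok GRIP      listed key with a matching file
#   nofile GRIP  listed key, no file in the directory
#   nokey GRIP   file that matches no key in this listing
compare_keygrips() {
    listing=$1 dir=$2
    l=$(mktemp) d=$(mktemp)
    keygrips_from_listing "$listing" > "$l"
    keygrips_from_dir "$dir" > "$d"
    LC_ALL=C comm -12 "$l" "$d" | sed 's/^/ok /'
    LC_ALL=C comm -23 "$l" "$d" | sed 's/^/nofile /'
    LC_ALL=C comm -13 "$l" "$d" | sed 's/^/nokey /'
    rm -f "$l" "$d"
}

# Constructed sample (not real keys): two listed keygrips, one file that
# matches a listed key, one file that matches nothing in the listing.
demo_constructed() {
    tmp=$(mktemp -d)
    mkdir "$tmp/private-keys-v1.d"
    printf '%s\n' \
        'fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA:' \
        'grp:::::::::0123456789ABCDEF0123456789ABCDEF01234567:' \
        'grp:::::::::89ABCDEF0123456789ABCDEF0123456789ABCDEF:' > "$tmp/listing"
    : > "$tmp/private-keys-v1.d/0123456789ABCDEF0123456789ABCDEF01234567.key"
    : > "$tmp/private-keys-v1.d/FEDCBA9876543210FEDCBA9876543210FEDCBA98.key"
    compare_keygrips "$tmp/listing" "$tmp/private-keys-v1.d"
    rm -rf "$tmp"
}

demo_constructed
```

For a real keyring, save the listing to a file and call `compare_keygrips listing "${GNUPGHOME:-$HOME/.gnupg}/private-keys-v1.d"`.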