Changes in GnuPG

Robert J. Hansen rjh at sixdemonbag.org
Tue Jan 7 08:37:30 CET 2020


> I'm still a bit confused on the changes in secring. How does it come up
> with the names for those "new" keys as it doesn't seem to correlate with
> anything I can see on the keys.

The names are actually keygrips, not fingerprints.

> For them to go away from the OpenPGP standard it obviously had to make
> sense to them…

They didn't.  RFC4880 doesn't define how to store certificates.

Way back when, PGP Corporation stored its two keyrings as "pubring.pkr"
and "secring.skr".  These two files were incredibly simple: each was
effectively an OpenPGP message containing nothing but a long sequence of
certificates.  When PGP started it read each file into RAM, populated a
master keyring, and that was that.

When GnuPG came along they decided to use the exact same format so that
people could migrate just by renaming their .pkr and .skr files to have
.gpg extensions.  And this was likely a good decision, in that it made
it easy for people to switch from PGP.

PGP is no longer a serious player in the OpenPGP space.  Symantec bought
PGP years ago and seem to have been neglecting it ever since.
Consequently, we no longer *need* to use old PGP formats to encourage
people to cross over.  And at the same time, keyrings are getting a lot
bigger -- back in 2000 few people had more than a couple of dozen
certificates; twenty years later it's easy to have a few *hundred*
certificates.  And the old, inefficient PGP keyring format doesn't work
very well any more.

We don't need the PGP compatibility any more and it's holding us back.
That's the root reason for the changes.



More information about the Gnupg-users mailing list
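Added example (not from the post above and not GnuPG's own code): a small Python script that walks a PGP-style keyring of the kind described, i.e. a flat sequence of OpenPGP packets, and for each v4 RSA primary key computes the RFC 4880 fingerprint, the key ID, and a keygrip. The point it shows is the one in the reply: the fingerprint hashes the creation time and algorithm together with the key material, so two packagings of the same RSA modulus with different creation times get different fingerprints and key IDs but the same keygrip. Assumptions: v4 public-key packets, RSA only, no partial-body lengths, and the RSA keygrip encoding as I understand libgcrypt to do it (SHA-1 over the modulus n with a leading 0x00 byte when its high bit is set); the sample keyring is constructed inline and is not a real key. Verify the keygrip encoding against `gpg --with-keygrip --list-keys` on a real keyring before relying on it.

```python
"""Walk a flat OpenPGP packet sequence (a PGP-style pubring) and compare
fingerprint, key ID and keygrip per primary key.  Added example, not GnuPG code."""
import hashlib
import struct

TAG_PUBLIC_KEY = 6
TAG_USER_ID = 13


def encode_mpi(n: int) -> bytes:
    """OpenPGP MPI: two-byte bit length followed by the big-endian magnitude."""
    mag = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return struct.pack(">H", n.bit_length()) + mag


def new_format_packet(tag: int, body: bytes) -> bytes:
    """Wrap BODY in a new-format packet header (RFC 4880 section 4.2.2)."""
    n = len(body)
    if n < 192:
        length = bytes([n])
    elif n < 8384:
        n -= 192
        length = bytes([(n >> 8) + 192, n & 0xFF])
    else:
        length = b"\xff" + struct.pack(">I", n)
    return bytes([0xC0 | tag]) + length + body


def public_key_packet(created: int, n: int, e: int) -> bytes:
    """v4 RSA public-key packet body: version 4, creation time, algo 1, n, e."""
    return b"\x04" + struct.pack(">I", created) + b"\x01" + encode_mpi(n) + encode_mpi(e)


def iter_packets(data: bytes):
    """Yield (tag, body) for each packet; handles old and new header formats."""
    i = 0
    while i < len(data):
        ctb = data[i]
        if not ctb & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if ctb & 0x40:  # new-format header
            tag = ctb & 0x3F
            first = data[i + 1]
            if first < 192:
                length, hdr = first, 2
            elif first < 224:
                length, hdr = ((first - 192) << 8) + data[i + 2] + 192, 3
            elif first == 255:
                length, hdr = struct.unpack(">I", data[i + 2:i + 6])[0], 6
            else:
                raise ValueError("partial body lengths not supported")
        else:  # old-format header: tag in bits 2-5, length-type in bits 0-1
            tag = (ctb >> 2) & 0x0F
            ltype = ctb & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length not supported")
            hdr = 1 + (1 << ltype)
            length = int.from_bytes(data[i + 1:i + hdr], "big")
        yield tag, data[i + hdr:i + hdr + length]
        i += hdr + length


def v4_fingerprint(pk_body: bytes) -> str:
    """RFC 4880 section 12.2: SHA-1 over 0x99, two-byte body length, body."""
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(pk_body)) + pk_body).hexdigest().upper()


def parse_rsa_public_key(pk_body: bytes):
    """Return (created, n, e) from a v4 RSA public-key packet body."""
    if pk_body[0] != 4 or pk_body[5] != 1:
        raise ValueError("only v4 RSA keys handled here")
    created = struct.unpack(">I", pk_body[1:5])[0]
    pos, mpis = 6, []
    for _ in range(2):
        bits = struct.unpack(">H", pk_body[pos:pos + 2])[0]
        nbytes = (bits + 7) // 8
        mpis.append(int.from_bytes(pk_body[pos + 2:pos + 2 + nbytes], "big"))
        pos += 2 + nbytes
    return created, mpis[0], mpis[1]


def rsa_keygrip(n: int) -> str:
    """Assumed libgcrypt RSA keygrip: SHA-1 over n in 'standard' (two's
    complement) MPI form, so 0x00 is prepended when the high bit is set.
    Only key material goes in; creation time and user IDs do not."""
    mag = n.to_bytes((n.bit_length() + 7) // 8, "big")
    if mag[0] & 0x80:
        mag = b"\x00" + mag
    return hashlib.sha1(mag).hexdigest().upper()


def summarize_keyring(ring: bytes):
    """Report creation time, fingerprint, key ID, keygrip and UIDs per primary key."""
    out = []
    for tag, body in iter_packets(ring):
        if tag == TAG_PUBLIC_KEY:
            created, n, e = parse_rsa_public_key(body)
            fpr = v4_fingerprint(body)
            out.append({"created": created, "fingerprint": fpr,
                        "keyid": fpr[-16:], "keygrip": rsa_keygrip(n), "uids": []})
        elif tag == TAG_USER_ID and out:
            out[-1]["uids"].append(body.decode())
    return out


# Constructed sample keyring (not a real key): the same RSA material packaged
# twice with different creation times, each followed by a User ID packet.
SAMPLE_N = 0xC0FFEE1234567890ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789
SAMPLE_E = 65537
SAMPLE_KEYRING = (
    new_format_packet(TAG_PUBLIC_KEY, public_key_packet(946684800, SAMPLE_N, SAMPLE_E))
    + new_format_packet(TAG_USER_ID, b"Alice (constructed) <alice@example.org>")
    + new_format_packet(TAG_PUBLIC_KEY, public_key_packet(1577836800, SAMPLE_N, SAMPLE_E))
    + new_format_packet(TAG_USER_ID, b"Alice again (constructed) <alice@example.org>")
)

if __name__ == "__main__":
    for key in summarize_keyring(SAMPLE_KEYRING):
        print(key)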