Changes in GnuPG

Mark azbigdogs at gmx.com
Thu Jan 9 20:58:26 CET 2020


Damien,

Thanks for the explanation on the keygrips. That makes sense why it is
some "random" set of characters.  I understand (I think) it is acting
like a place marker but still trying to understand the why part.


I guess I need to export my keys to make them accessible to other apps
that use PGP (LibreOffice, PowerArchiver, etc.).

On 1/6/2020 3:43 PM, Damien Goutte-Gattat wrote:
> On Mon, Jan 06, 2020 at 04:42:40PM +0100, azbigdogs at gmx.com wrote:
>> I'm still a bit confused on the changes in secring. How does it come up
>> with the names for those "new" keys as it doesn't seem to correlate
>> with anything I can see on the keys.
>
> Files under the $GNUPGHOME/private-keys-v1.d directory are named after
> the *keygrips* of the keys.
>
> A keygrip is similar in principle to an OpenPGP fingerprint, but is
> computed on a data structure that is independent of any protocol
> (contrary to an OpenPGP fingerprint, which is computed over an OpenPGP
> packet).
>
> GnuPG, which since its version 2.0 implements both OpenPGP and S/MIME,
> uses keygrips internally to refer to a key independently of the
> protocol with which the key is to be used.
>
> You can use the --with-keygrip option when listing keys to have GnuPG
> display the keygrips, and check that they match the filenames you see
> in the $GNUPGHOME/private-keys-v1.d directory.
>
>
>> For them to go away from the OpenPGP standard it obviously had to make
>> sense to them
>
> The OpenPGP standard dictates how compliant implementations
> interoperate. It says nothing about what the implementations shall do
> internally.
>
> Keygrips are strictly an internal implementation detail of GnuPG. When
> it interacts with the outside world (e.g. when exporting a key), GnuPG
> still follows the OpenPGP standard.
>
>
> Cheers,
>
> - Damien
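
The check Damien describes (keygrips from --with-keygrip against the filenames in private-keys-v1.d), as an added example that is not part of the original thread. The function names and the `--check` switch are assumptions of this sketch, and the sample key IDs and keygrips are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): check that every keygrip GnuPG reports
# has a matching <keygrip>.key file in private-keys-v1.d, and vice versa.

# Print the keygrips found in `gpg --with-colons --with-keygrip` output read
# from stdin. The keygrip is field 10 of each "grp" record.
keygrips_from_colons() {
    awk -F: '$1 == "grp" && $10 != "" { print $10 }'
}

# check_keygrips DIR: read keygrips (one per line) on stdin and compare them
# with the *.key files in DIR. Returns non-zero on any mismatch.
check_keygrips() {
    dir=$1
    grips=$(cat)
    status=0
    for g in $grips; do
        if [ -f "$dir/$g.key" ]; then
            echo "ok       $g"
        else
            echo "missing  $g"
            status=1
        fi
    done
    for f in "$dir"/*.key; do
        [ -e "$f" ] || continue            # directory has no .key files
        name=$(basename "$f" .key)
        case " $(echo $grips) " in
            *" $name "*) ;;
            *) echo "orphan   $name"; status=1 ;;
        esac
    done
    return $status
}

# Constructed sample of colon-format output (key IDs and keygrips are made up).
sample_colons() {
    cat <<'EOF'
sec:u:255:22:0000000000000001:1578600000:::u:::scESC:
grp:::::::::1111111111111111111111111111111111111111:
ssb:u:255:18:0000000000000002:1578600000::::::e:
grp:::::::::2222222222222222222222222222222222222222:
EOF
}

# Run against the real keyring only when asked: sh script.sh --check
if [ "${1:-}" = "--check" ]; then
    gpg --batch --with-colons --with-keygrip --list-secret-keys |
        keygrips_from_colons |
        check_keygrips "${GNUPGHOME:-$HOME/.gnupg}/private-keys-v1.d"
fi
```

An "orphan" line is not necessarily a problem: the same directory also holds private keys used for S/MIME, which the OpenPGP secret-key listing does not show.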


