Changes in GnuPG

Mark azbigdogs at gmx.com
Thu Jan 9 21:01:43 CET 2020


Robert,

Thanks for the explantion of the new public key format. If I understand
it correctly, the old system was like a flat file an this new one is
more like an indexed database that allows faster lookups.

On 1/7/2020 12:37 AM, Robert J. Hansen wrote:
>> I'm still a bit confused on the changes in secring. How does it come up
>> with the names for those "new" keys as it doesn't seem to corrolate with
>> anything I can see on the keys.
> The names are actually keygrips, not fingerprints.
>
>> For them to go away from the OpenPGP standard it obviously had to make
>> sense to them…
> They didn't.  RFC4880 doesn't define how to store certificates.
>
> Way back when, PGP Corporation stored its two keyrings as "pubring.pkr"
> and "secring.skr".  These two files were incredibly simple: each was
> effectively an OpenPGP message containing nothing but a long sequence of
> certificates.  When PGP started it read each file into RAM, populated a
> master keyring, and that was that.
>
> When GnuPG came along they decided to use the exact same format so that
> people could migrate just by renaming their .pkr and .skr files to have
> .gpg extensions.  And this was likely a good decision, in that it made
> it easy for people to switch from PGP.
>
> PGP is no longer a serious player in the OpenPGP space.  Symantec bought
> PGP years ago and seem to have been neglecting it ever since.
> Consequentially, we no longer *need* to use old PGP formats to encourage
> people to cross over.  And at the same time, keyrings are getting a lot
> bigger -- back in 2000 few people had more than a couple of dozen
> certificates; twenty years later it's easy to have a few *hundred*
> certificates.  And the old, inefficient PGP keyring format doesn't work
> very well any more.
>
> We don't need the PGP compatibility any more and it's holding us back.
> That's the root reason for the changes.
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users



More information about the Gnupg-users mailing list