New packet format for OpenPGP

jsmith9810 at gmx.com
Mon Mar 1 06:36:07 CET 2021


Hello, thank you for your response.

> Sent: Saturday, February 27, 2021 at 10:56 AM
> From: "Werner Koch" <wk at gnupg.org>
> To: "jsmith9810--- via Gnupg-users" <gnupg-users at gnupg.org>
> Cc: jsmith9810 at gmx.com
> Subject: Re: New packet format for OpenPGP
>
> On Fri, 26 Feb 2021 20:14, jsmith9810--- said:
>
> > I noticed that GnuPG (I'm using v2.2.19) still uses the old format
> > OpenPGP packets, when I export my keys, for example.
>
> That is perfectly fine - no need to change this.

I found my answer soon after posting this question by looking through g10/build_packet.c,
where it's hardcoded not to use new_ctb unless dealing with packets that absolutely need it.
I'm still curious as to why though, since RFC4880 strongly recommends use of the new format
packets. If not the default behavior, at least the --rfc4880 option should enforce it.
Although I agree that it doesn't affect the functionality, so it hardly matters.
>
> > Also, is it possible to use a private keyring (secring.gpg) for
> > decryption without importing it?
>
> No.  Since 2.1 there is no more secring.gpg; instead gnupg uses one file
> per private key.  You find these files under ~/.gnupg/private-keys-v1.d
> and their format is stable.  To get the name of the file run
>
>   gpg -k --with-keygrip USERIDORFINGERPRINT
>
> and use the printed keygrip.  Use --with-colons for scripts and see
> doc/DETAILS to see how the keygrip is printed.

It's sad that this functionality is no longer available. I understand that GnuPG has been
redesigned to use a different internal format to store the private keys now, but it would
have been so much better if it retained the support for external secring.gpg, just like it
currently supports reading recipient keys from an external file using -F option for one-off
use.

As an occasional GnuPG user, I have to say that I much preferred the simplicity of the
old GnuPG software that allowed for a cleaner, portable and standalone installation, with
no hard dependency on gnupg-agent. Just built 1.4.23 and liking it, now I have to figure
out how to keep it alongside gpg2 which is disguised as gpg now.
>
> Salam-Shalom,
>
>    Werner
>
> --
> Thoughts are free.  Exceptions are regulated by a federal law.
>
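
For reference, the old and new packet header layouts discussed in this thread (RFC 4880 section 4.2), as an added example that is not part of the original message and is not GnuPG code. The function names `parse_header` and `list_packets` are hypothetical and the sample bytes are constructed.

```python
# Added example: read OpenPGP packet headers per RFC 4880 section 4.2.
# Function names are hypothetical; SAMPLE is constructed, not real key material.

def parse_header(buf, pos=0):
    """Return (fmt, tag, body_len, header_len, partial); body_len None = indeterminate."""
    ctb = buf[pos]                      # cipher type byte; IndexError if pos is past the end
    if not ctb & 0x80:
        raise ValueError(f"offset {pos}: bit 7 of the CTB is not set")
    if ctb & 0x40:                      # new format: tag in bits 5-0
        tag, o1 = ctb & 0x3F, buf[pos + 1]
        if o1 < 192:                    # one-octet length
            return "new", tag, o1, 2, False
        if o1 < 224:                    # two-octet length, 192..8383
            return "new", tag, ((o1 - 192) << 8) + buf[pos + 2] + 192, 3, False
        if o1 == 255:                   # five-octet length
            if len(buf) < pos + 6:
                raise ValueError("truncated five-octet length")
            return "new", tag, int.from_bytes(buf[pos + 2:pos + 6], "big"), 6, False
        return "new", tag, 1 << (o1 & 0x1F), 2, True   # partial body length chunk
    tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03         # old format: tag in bits 5-2
    if ltype == 3:                      # indeterminate: body runs to end of input
        return "old", tag, None, 1, False
    n = 1 << ltype                      # 1, 2 or 4 length octets
    if len(buf) < pos + 1 + n:
        raise ValueError("truncated old-format length")
    return "old", tag, int.from_bytes(buf[pos + 1:pos + 1 + n], "big"), 1 + n, False


def list_packets(buf):
    """Walk definite-length packets; return [(offset, fmt, tag, body_len)]."""
    out, pos = [], 0
    while pos < len(buf):
        fmt, tag, blen, hlen, partial = parse_header(buf, pos)
        out.append((pos, fmt, tag, blen))
        if blen is None or partial:     # streaming lengths: stop the simple walk
            break
        if pos + hlen + blen > len(buf):
            raise ValueError(f"offset {pos}: body overruns the input")
        pos += hlen + blen
    return out


# Constructed sample: a User ID packet (tag 13) with body b"alice",
# once with an old-format header (0xB4) and once with a new-format one (0xCD).
SAMPLE = bytes([0xB4, 5]) + b"alice" + bytes([0xCD, 5]) + b"alice"

if __name__ == "__main__":
    for row in list_packets(SAMPLE):
        print(row)
```

Old-format headers can only carry tags 0 to 15, which is why packet types with higher tag numbers always need the new format.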