Text (non-binary) keyring format

Werner Koch wk at gnupg.org
Fri Sep 13 13:39:08 CEST 2024


Hi!

On Thu, 12 Sep 2024 13:28, Alejandro Colomar said:

> I have my ~/.gnupg keyring under git source control, which helps
> creating and updating backups, and also having a history of the changes.

That is not a good idea because the key database (pubring.gpg,
pubring.kbx, or keyboxd DB) is a binary format which also stores
metadata which is only used by gnupg itself and not part of an official
API (e.g. the signature cache).

Thus if you want to put something under version control, it is better to
do this with exported files.  You may use "--export-option backup" so
that you get all the internal info and also non-exportable
signatures ("--export-option export-local-sigs" would be sufficient
here).

Although I really like text files, it will be somewhat hard to diff them
because any property update of a key also requires a new signature and
that gives a lot of diff overhead.  This is similar to Libreoffice's fodt
format - in theory a way to diff things but in practice it is useless.

We actually moved to an SQL database to speed up things.  If you have
hundreds of keys with thousands of key signatures it is very helpful to
have indices; it really speeds up things.

OpenPGP keys do not allow a rollback by design.  For documentation
writing a (sorted) key listing to a file might thus be more useful than
plain text files.



Shalom-Salam,

   Werner

-- 
The pioneers of a warless world are the youth that
refuse military service.             - A. Einstein
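An added example illustrating the workflow Werner describes (it is not part of his mail or of GnuPG itself): instead of committing the binary pubring.kbx or keyboxd database, export the public keyring as an armored text file with "--export-options backup" and write a sorted one-line-per-key listing next to it, which is the file that diffs cleanly between commits. It assumes gpg 2.x on PATH and that the caller passes a GnuPG home directory and an output directory; the colon-format sample used by the self-check is constructed, not real key data.

```shell
#!/bin/sh
# Added example (not from the original mail): version-control an exported,
# text-form copy of a GnuPG public keyring plus a sorted key listing.
# Assumptions: gpg 2.x on PATH; HOMEDIR and OUTDIR are given by the caller.
set -eu

# Turn `gpg --with-colons --list-keys` output into one sorted
# "FINGERPRINT user-id" line per key.  Field 10 of an "fpr" record is the
# fingerprint, field 10 of a "uid" record is the user ID; only the first
# uid of each key is printed.
summarize_colons() {
    awk -F: '
        $1 == "pub" { fpr = ""; uid = "" }
        $1 == "fpr" && fpr == "" { fpr = $10 }
        $1 == "uid" && uid == "" { uid = $10; print fpr " " uid }
    ' | LC_ALL=C sort
}

# Export the public keyring with all GnuPG-internal metadata (ownertrust,
# local signatures) as armored text, and write the sorted listing beside it.
# Restore later with:  gpg --import-options restore --import pubring-backup.asc
export_keyring() {
    homedir=$1
    outdir=$2
    mkdir -p "$outdir"
    gpg --homedir "$homedir" --batch --armor \
        --export-options backup --export > "$outdir/pubring-backup.asc"
    gpg --homedir "$homedir" --batch --with-colons --list-keys \
        | summarize_colons > "$outdir/keylist.txt"
    echo "wrote $outdir/pubring-backup.asc and $outdir/keylist.txt"
}

# Constructed sample of --with-colons output (two keys, out of sorted order)
# used to check summarize_colons without a real keyring.
SAMPLE_COLONS='pub:u:255:22:0123456789ABCDEF:1700000000:::u:::scESC::::::23::0:
fpr:::::::::FEDCBA9876543210FEDCBA9876543210FEDCBA98:
uid:u::::1700000000::HASH::Bob Example <bob@example.org>::::::::::0:
pub:u:255:22:ABCDEF0123456789:1700000001:::u:::scESC::::::23::0:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:u::::1700000001::HASH::Alice Example <alice@example.org>::::::::::0:'

# Returns the listing produced from the constructed sample.
sample_listing() {
    printf '%s\n' "$SAMPLE_COLONS" | summarize_colons
}

# Usage: ./backup-keyring.sh ~/.gnupg ~/keyring-git
if [ "$#" -eq 2 ]; then
    export_keyring "$1" "$2"
fi
```

Commit the two files in OUTDIR rather than ~/.gnupg itself; keylist.txt shows additions and removals of keys at a glance, while pubring-backup.asc carries the full (noisier) signature data needed to restore.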