[pkg-gnupg-maint] Debian gnupg2 (2.1.11-7+exp1) experimental

Jonathan McDowell noodles at earth.li
Tue Apr 26 17:41:43 UTC 2016


On Tue, Apr 26, 2016 at 04:17:05PM +0200, Werner Koch wrote:
> On Tue, 26 Apr 2016 14:28, noodles at earth.li said:
> > the assumption that a valid keyring can be made by cat'ing individual
> > binary keys together; this is done so each key is a separate object in
> 
> If the keys are "Transferable Public Keys" as specified by OpenPGP and
> created for example with "gpg --export", cat'ing them is valid.  From
> RFC4880:
> 
>    Transferable public-key packet sequences may be concatenated to allow
>    transferring multiple public keys in one operation.

Yes, this is the case.

> My remarks have been about the keyring.gpg files as used by gpg.  They
> are indeed such sequences but that is the case only for older gpg
> versions.  Since 2.1 the default has changed.  "gpg --import" in a new
> GnuPG home will create the new default.
> 
> If there is a need to guarantee that *gpgv* will be able to work
> directly with a sequence of "Transferable Public Keys", please open a
> feature request at bugs.gnupg.org and describe why this makes sense.

I'm only concerned about gpg, not gpgv; I don't know if that makes a
significant difference.

The keyrings produced using cat are currently used directly in that form
with the "--keyring" option to gnupg. If this is likely to no longer be
supported then I suspect various pieces of workflow within Debian will
have to change; the keyrings in question are rsynced around the
infrastructure.  If they cannot be used in this form by later gnupg
versions then there will have to be some sort of remove all keys/import
the new keys procedure.

J.

-- 
] http://www.earth.li/~noodles/ [] 101 things you can't have too much  [
]  PGP/GPG Key @ the.earth.li   []         of : 4 - Chocolate.         [
] via keyserver, web or email.  []                                     [
] RSA: 4096/0x94FA372B2DA8B985  []                                     [
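
Added example, not part of the original message or of GnuPG: a check that a file built with cat is a sequence of RFC 4880 transferable public keys, splitting it back into per-key objects and rejecting a keybox file (the keyring format GnuPG 2.1 creates by default). The names read_header and split_keyring are hypothetical, the sample packets are constructed with dummy bodies, and the "KBXf" magic at offset 8 comes from GnuPG's keybox format rather than from this thread.

```python
import struct

PUBKEY = 6  # RFC 4880 tag for the Public-Key packet that opens each key

def read_header(buf, pos):
    """Return (tag, body_offset, body_length) for the packet at pos."""
    ctb = buf[pos]
    if not ctb & 0x80:
        raise ValueError(f"offset {pos}: not an OpenPGP packet header")
    if ctb & 0x40:                        # new-format header
        tag, l0 = ctb & 0x3F, buf[pos + 1]
        if l0 < 192:
            return tag, pos + 2, l0
        if l0 < 224:
            return tag, pos + 3, ((l0 - 192) << 8) + buf[pos + 2] + 192
        if l0 == 255:
            return tag, pos + 6, struct.unpack_from(">I", buf, pos + 2)[0]
        raise ValueError(f"offset {pos}: partial body length unsupported here")
    tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03   # old-format header
    if ltype == 3:
        raise ValueError(f"offset {pos}: indeterminate length unsupported here")
    n = 1 << ltype                        # 1, 2 or 4 length octets
    return tag, pos + 1 + n, int.from_bytes(buf[pos + 1:pos + 1 + n], "big")

def split_keyring(buf):
    """Split a cat'ed keyring into one byte string per transferable key."""
    if buf[8:12] == b"KBXf":              # magic of the GnuPG 2.1 keybox format
        raise ValueError("keybox file, not a packet sequence")
    keys, pos, start = [], 0, 0
    while pos < len(buf):
        try:
            tag, body, length = read_header(buf, pos)
        except (IndexError, struct.error):
            raise ValueError(f"offset {pos}: truncated header") from None
        if body + length > len(buf):
            raise ValueError(f"offset {pos}: truncated packet body")
        if pos == 0 and tag != PUBKEY:
            raise ValueError("first packet is not a Public-Key packet")
        if tag == PUBKEY and pos > start:
            keys.append(buf[start:pos])
            start = pos
        pos = body + length
    return keys + [buf[start:]] if buf else keys

# Constructed sample: correct packet framing, dummy bodies (not real keys).
old = lambda tag, body: bytes([0x80 | tag << 2, len(body)]) + body
new = lambda tag, body: bytes([0xC0 | tag, len(body)]) + body
KEY_A = old(6, b"\x04" * 12) + old(13, b"Alice <a@example.org>") + old(2, b"\x04" * 20)
KEY_B = new(6, b"\x04" * 12) + new(13, b"Bob <b@example.org>") + new(14, b"\x04" * 12)
KEYBOX = struct.pack(">IBBH", 32, 1, 1, 0) + b"KBXf" + bytes(20)
```

Running split_keyring over a keyring before it is rsynced shows whether it is still the concatenated form and catches a file cut short in transfer.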


