Peculiar behavior of --list-secret-keys
Werner Koch
wk at gnupg.org
Mon Jul 20 20:37:00 CEST 2015
On Mon, 20 Jul 2015 19:01, rjh at sixdemonbag.org said:
> [rjh at localhost ~]$ gpg --list-secret-key b44427c7
> sec 3072R/1DCBDC01B44427C7 2015-07-16
> uid Robert J. Hansen <rob at enigmail.net>
You created it with gpg 1.x or 2.0 and thus they are stored in
pubring.gpg .
> [rjh at localhost ~]$ gpg2 --list-secret-keys
> /home/rjh/.gnupg/pubring.kbx
and here you are using 2.1 which uses pubring.kbx.
As soon as there is a single OpenPGP key in pubring.kbx (maybe due to
gpg2.1 --import) gpg2.1 will use pubring.kbx and ignore an existing
pubring.gpg. Note that the presence of a pubring.kbx is not
sufficient to let gpg2.1 use it becuase a file with that name has always
been used by gpgsm.
To check whether an OpenPGP key is in a pubring.kbx run
$ kbxutil ~/.gnupg/pubring.kbx | head
BEGIN-RECORD: 0
Length: 32
Type: Header
Version: 1
Flags: 0002 (openpgp)
[...]
and check that the openpgp flag is there (very recent file(1) versions
should also be able to tell you this).
> Also, GnuPG seems to have lost track of the fact that D6B98E10 is an
> ultimately-trusted key.
This is a separate issue; iirc we have/had this in the tracker.
Salam-Shalom,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
More information about the Gnupg-users
mailing list