Pubring.gpg

Still trying to learn the differences with this new (to me) version of GPG4Win/GnuPG. I did run into one odd thing that I can’t find the answer to. It says public keys are stored in pubring.gpg but I don’t have that file. I do have a pubring.kbx (I believe that is a Keepass format?)

So where did the pubring.gpg go and where is it storing my public keys? I only have one public key in there right now (added through Kleopatra) but would like to get this sorted before adding more.

Thanks

Hi Mark,

the technical GnuPG documentation and changelogs should have the info you are looking for.

E.g. see section “faster keyring format” in https://gnupg.org/faq/whats-new-in-2.1.html
There is even a debugging tool for it:
https://www.gnupg.org/documentation/manuals/gnupg/kbxutil.html
(footnote for is not correct anymore.)

Regards,
Bernhard

Hi Bernhard,

That link did explain exactly what happened. I didn’t have a pubring.gpg on here so it just created the new format one instead. I wonder if/how other apps will handle that such as PowerArchiver.

One question I’m still trying to find the answer to and didn’t see it in this FAQ is the naming scheme of the new keys created (in Kleopatra). There are 2 files in the “private-keys-v-1.d” directory. Their naming doesn’t seem to have any type of connection to the key itself. Not my name, not the key fingerprint, not the ID of the subkeys… nothing.

Is this done intentionally to mask the identity of the keys, therefore requiring someone to explicitly export the keys to get any type of information about them outside of GnuPG/GPG4Win?

Thanks Again for your help.
Mark

Hi Mark,

anything within the $GNUPGHOME directory is GnuPG internal data and, except for a few configuration files, should be changed using GnuPG (and its tools) itself.
So external applications should usually not manipulate files in this directory.
(If they do, they are responsible for being compatible with GnuPG’s code themselves.)

The file names are keygrips for the secret keys (and subkeys), e.g. see
https://gnupg.org/documentation/manuals/gnupg/Agent-Protocol.html
for easier identification without being specific to a protocol.

Regards,
Bernhard

Hi Bernhard,

Thanks for the link. I don’t understand all of what was mentioned below, but from the gist of it I get that the key names (file names) are derived from some hash based on the public key. I guess I have a lot more to read to figure out why this changed from the “old system”.

"To identify a key we use a thing called keygrip which is the SHA-1 hash of a canonical encoded S-Expression of the public key as used in Libgcrypt. For the purpose of this interface the keygrip is given as a hex string. The advantage of using this and not the hash of a certificate is that it will be possible to use the same keypair for different protocols, thereby saving space on the token used to keep the secret keys."

Thanks Again for all your help,
Mark
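The keygrip definition Bernhard pointed to, and the quoted Agent Protocol text above, can be worked through in code. The following is an added example, not part of the thread and not GnuPG's or libgcrypt's own code. It computes the keygrip for an RSA key the way libgcrypt does for RSA (only the modulus n is hashed, as "(1:n<len>:<n>)", with leading zero bytes stripped first); keygrips for other algorithms cover more parameters and are not handled here. Beside it, it computes the OpenPGP v4 fingerprint of the same modulus so the difference is visible: the fingerprint changes with the key's creation time, the keygrip does not, which is why one keypair can serve OpenPGP and X.509/S/MIME under one `<KEYGRIP>.key` file in `private-keys-v-1.d`. The modulus, the key IDs and the `--with-colons` listing are constructed sample data, not a real key.

```python
import hashlib
import os

# --- Constructed sample data (not a real key) --------------------------------
# A 256-bit modulus with a leading zero byte, so the stripping rule is visible.
# Real RSA keys are 2048 bits and up; this is only for illustration.
SAMPLE_N = bytes.fromhex(
    "00c0ffee1234567890abcdef1234567890abcdef1234567890abcdef12345678")
SAMPLE_E = 65537
SAMPLE_CREATED = 1600000000  # OpenPGP key creation time (Unix seconds)

# Constructed imitation of `gpg -K --with-keygrip --with-colons` output:
# a primary key and one subkey, each followed by an fpr and a grp record.
# Key IDs, fingerprints and keygrips here are made up.
SAMPLE_LISTING = """\
sec:u:3072:1:0123456789ABCDEF:1600000000::::::scESC:::+:::23::0:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
grp:::::::::AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA:
uid:u::::1600000000::0000000000000000000000000000000000000000::Mark <mark@example.com>::::::::::0:
ssb:u:3072:1:FEDCBA9876543210:1600000000::::::e:::+:::23:
fpr:::::::::FEDCBA9876543210FEDCBA9876543210FEDCBA98:
grp:::::::::BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB:
"""


def rsa_keygrip(n: bytes) -> str:
    """Keygrip of an RSA key: SHA-1 over the canonical S-expression "(1:n<len>:<n>)".

    Only the modulus is hashed (no exponent, no user ID, no creation time),
    and libgcrypt strips leading zero bytes from n first. This is the RSA
    rule only; other algorithms hash more parameters.
    """
    n = n.lstrip(b"\x00")
    canonical = b"(1:n" + str(len(n)).encode("ascii") + b":" + n + b")"
    return hashlib.sha1(canonical).hexdigest().upper()


def _mpi(value: int) -> bytes:
    """OpenPGP MPI encoding: 2-byte bit length, then the minimal big-endian magnitude."""
    magnitude = value.to_bytes((value.bit_length() + 7) // 8, "big")
    return value.bit_length().to_bytes(2, "big") + magnitude


def openpgp_v4_fingerprint(n: bytes, e: int, created: int) -> str:
    """OpenPGP v4 fingerprint (RFC 4880 section 12.2): SHA-1 of
    0x99 || 2-byte body length || public-key packet body.

    The body carries version, creation time and algorithm, so the same
    modulus gets a new fingerprint (and key ID) each time it is wrapped in
    a packet. The keygrip does not change, which is the point of using it.
    """
    body = (b"\x04" + created.to_bytes(4, "big") + b"\x01"  # v4, time, RSA
            + _mpi(int.from_bytes(n, "big")) + _mpi(e))
    return hashlib.sha1(b"\x99" + len(body).to_bytes(2, "big") + body).hexdigest().upper()


def agent_key_filename(keygrip: str) -> str:
    """gpg-agent stores each secret (sub)key as $GNUPGHOME/private-keys-v-1.d/<KEYGRIP>.key."""
    return keygrip.upper() + ".key"


def keygrips_from_listing(listing: str) -> dict:
    """Map keygrip -> key ID from `--with-colons` output.

    A `grp` record belongs to the `sec`/`ssb` record that precedes it; the
    keygrip sits in field 10 (index 9), the key ID of sec/ssb in field 5.
    """
    grips, current_keyid = {}, None
    for line in listing.splitlines():
        fields = line.split(":")
        if fields[0] in ("sec", "ssb", "pub", "sub"):
            current_keyid = fields[4]
        elif fields[0] == "grp" and current_keyid:
            grips[fields[9].upper()] = current_keyid
    return grips


def match_agent_files(filenames, grips: dict):
    """Split a private-keys-v-1.d directory listing into files that belong to a
    known key and files nothing in the key listing accounts for."""
    matched, unknown = {}, []
    for name in filenames:
        stem, ext = os.path.splitext(name)
        if ext != ".key":
            continue  # not a key file
        if stem.upper() in grips:
            matched[name] = grips[stem.upper()]
        else:
            unknown.append(name)
    return matched, unknown


if __name__ == "__main__":
    grip = rsa_keygrip(SAMPLE_N)
    print("keygrip           :", grip, "->", agent_key_filename(grip))
    print("fingerprint (t0)  :", openpgp_v4_fingerprint(SAMPLE_N, SAMPLE_E, SAMPLE_CREATED))
    print("fingerprint (t0+1):", openpgp_v4_fingerprint(SAMPLE_N, SAMPLE_E, SAMPLE_CREATED + 1))
    grips = keygrips_from_listing(SAMPLE_LISTING)
    files = [agent_key_filename(g) for g in grips] + ["CCCC.key", "README"]  # constructed dir listing
    print(match_agent_files(files, grips))
```

To check a real keyring against this, compare the file names in `private-keys-v-1.d` with the `grp` records of `gpg -K --with-keygrip --with-colons`; a `.key` file with no matching `grp` record is a secret key gpg-agent holds that no OpenPGP key (or X.509 certificate via `gpgsm --with-keygrip`) in the keyring currently refers to.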