logo
Free, unlimited AI code reviews that run on commit
git-lrc git-lrc GitHub Install Now We'd appreciate a star git-lrc - Free, unlimited AI code reviews that run on commit | Product Hunt git-lrc - Free, unlimited AI code reviews that run on commit | Product Hunt

migrate-pubring-from-classic-gpg - Migrate a public keyring from "classic" to "modern" GnuPG

Contents

Author

       Copyright (C) 2016 Daniel Kahn Gillmor for the Debian project. Please report bugs via the Debian BTS.

                                                   April 2016                MIGRATE-PUBRING-FROM-CLASSIC-GPG(1)

Description

migrate-pubring-from-classic-gpg  migrates the public keyring in GnuPG home directory GPGHOMEDIR from the
       "classic" keyring format (pubring.gpg) to the "modern" keybox format using  GnuPG  versions  2.1  or  2.2
       (pubring.kbx).

       Specifying  --default selects the standard GnuPG home directory (looking at $GNUPGHOME first, and falling
       back to ~/.gnupg if unset.

Diagnostics

       The program sends quite a bit of text (perhaps too much) to stderr.

       During a migration, the tool backs up several pieces  of  data  in  a  timestamped  subdirectory  of  the
       GPGHOMEDIR.

Environment Variables

GNUPGHOME Selects the GnuPG home directory when set and --default is given.

       GPG The name of the gpg executable (defaults to gpg ).

Limitations

       The  keybox  format  rejects  a  number of OpenPGP certificates that the "classic" keyring format used to
       accept.   These  filters  are  defensive,  since  the  certificates  rejected  are   unsafe   --   either
       cryptographically  unsound,  or  dangerously non-performant.  This means that some migrations may produce
       warning messages about the migration being incomplete.  This is generally a good thing!

       Known limitations:

       Floodedcertificates
           Some OpenPGP certificates have been flooded with bogus certifications as part of an attack on the SKS
           keyserver      network      (see       https://tools.ietf.org/html/draft-dkg-openpgp-abuse-resistant-
           keystore-03#section-2.1).

           The keybox format rejects import of any OpenPGP certificate larger than 5MiB.  As of GnuPG 2.2.17, if
           gpg  encounters  such  a  flooded  certificate  will retry the import while stripping all third-party
           certifications (see "self-sigs-only" in gpg(1)).

           The typical error message when migrating a keyring with a flooded certificate will be something like:

               error writing keyring 'pubring.kbx': Provided object is too large

       OpenPGPv3publickeys(a.k.a.PGP-2keys)
           Modern OpenPGP implementations use so-called "OpenPGP v4" public keys.  Older versions of the  public
           key  format  have  serious known problems.  See https://tools.ietf.org/html/rfc4880#section-5.5.2 for
           more details about and reasons for v3 key deprecation.

           The keybox format skips v3 keys entirely during migration, and GnuPG will produce a message like:

               skipped PGP-2 keys: 1

Name

       migrate-pubring-from-classic-gpg - Migrate a public keyring from "classic" to "modern" GnuPG

Options

-h, --help, --usage Output a short usage information.

See Also

gpg(1)

Synopsis

migrate-pubring-from-classic-gpg [ GPGHOMEDIR | --default ]

See Also

Man Pages
GnuPG Man Pages
Classical
Classical PNG Icons
Man Pages
formats Man Pages
Man Pages
keyringer Man Pages
Man Pages
openpgp Man Pages
Man Pages
migrate Man Pages
MCP
Public Mcp
Installerpedia
getgrav/grav Installerpedia
← View User commands Category← Back to Security and encryption🙏  Credits & Acknowledgments