New packet format for OpenPGP

New packet format for OpenPGP

GnuPG - User mailing list
Hello,

I noticed that GnuPG (I'm using v2.2.19) still uses the old format OpenPGP packets, when I export my keys, for example.
Is there a way I can make it use the new format instead (and possibly make it default)?
It does understand the new format, I just can't seem to find the option to enforce its use.

Also, is it possible to use a private keyring (secring.gpg) for decryption without importing it?
I recall it used to be possible to do this with the earlier versions by specifying the keyring path in gpg.conf, but I can't figure out how to do it now.

Thanks!

_______________________________________________
Gnupg-users mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: New packet format for OpenPGP

GnuPG - User mailing list
On Fri, 26 Feb 2021 20:14, jsmith9810--- said:

> I noticed that GnuPG (I'm using v2.2.19) still uses the old format
> OpenPGP packets, when I export my keys, for example.

That is perfectly fine - no need to change this.

> Also, is it possible to use a private keyring (secring.gpg) for
> decryption without importing it?

No.  Since 2.1 there is no more secring.gpg; instead gnupg uses one file
per private key.  You find these files under ~/.gnupg/private-keys-v1.d
and their format is stable.  To get the name of the file run

  gpg -k --with-keygrip USERIDORFINGERPRINT

and use the printed keygrip.  Use --with-colons for scripts and see
doc/DETAILS to see how the keygrip is printed.


Salam-Shalom,

   Werner

--
Thoughts are free.  Exceptions are regulated by a federal law.
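
Added example (not part of the original message and not GnuPG code): a script-side reading of the `--with-colons --with-keygrip` listing mentioned above, which maps each key to its file under private-keys-v1.d and picks out the encryption-capable one used for decryption. The sample listing, the function names and the home directory argument are constructed for illustration; the field positions follow doc/DETAILS and the files are named KEYGRIP.key.

```python
import os

# Constructed sample of `gpg -k --with-colons --with-keygrip` output (not a real key).
SAMPLE = """\
pub:u:255:22:1111111111111111:1614300000:::u:::scESC:::::ed25519:::0:
fpr:::::::::1111111111111111111111111111111111111111:
grp:::::::::AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA:
uid:u::::1614300000::0000::Constructed User (example)::::::::::0:
sub:u:255:18:2222222222222222:1614300000::::::e:::::cv25519::
fpr:::::::::2222222222222222222222222222222222222222:
grp:::::::::BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB:
"""

KEY_RECORDS = {"pub", "sub", "sec", "ssb"}

def private_key_files(listing, homedir="~/.gnupg"):
    """Return one dict per (sub)key: keyid, own capabilities, keygrip, file path."""
    keydir = os.path.join(os.path.expanduser(homedir), "private-keys-v1.d")
    keys, current = [], None
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] in KEY_RECORDS and len(f) > 11:
            # Field 12: lowercase letters are this key's own capabilities;
            # uppercase letters on a primary key summarise the whole key.
            caps = "".join(c for c in f[11] if c.islower())
            current = {"type": f[0], "keyid": f[4], "caps": caps}
        elif f[0] == "fpr" and current is not None and len(f) > 9:
            current["fpr"] = f[9]
        elif f[0] == "grp" and current is not None and len(f) > 9:
            # Field 10 of a grp record is the keygrip of the preceding key.
            current["keygrip"] = f[9]
            current["path"] = os.path.join(keydir, f[9] + ".key")
            keys.append(current)
            current = None
    return keys

def decryption_key_files(listing, homedir="~/.gnupg"):
    """Paths of the key files whose key carries the encryption capability."""
    return [k["path"] for k in private_key_files(listing, homedir) if "e" in k["caps"]]

if __name__ == "__main__":
    for path in decryption_key_files(SAMPLE):
        print(path)
```

The path is derived from the listing only; the file is present only when the secret part of that key is stored in this home directory.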

Re: New packet format for OpenPGP

GnuPG - User mailing list

Hello, thank you for your response.

> Sent: Saturday, February 27, 2021 at 10:56 AM
> From: "Werner Koch" <[hidden email]>
> To: "jsmith9810--- via Gnupg-users" <[hidden email]>
> Cc: [hidden email]
> Subject: Re: New packet format for OpenPGP
>
> On Fri, 26 Feb 2021 20:14, jsmith9810--- said:
>
> > I noticed that GnuPG (I'm using v2.2.19) still uses the old format
> > OpenPGP packets, when I export my keys, for example.
>
> That is perfectly fine - no need to change this.

I found my answer soon after posting this question by looking through g10/build_packet.c,
where it's hardcoded not to use new_ctb unless dealing with packets that absolutely need it.
I'm still curious as to why though, since RFC4880 strongly recommends use of the new format
packets. If not the default behavior, at least the --rfc4880 option should enforce it.
Although I agree that it doesn't affect the functionality, so it hardly matters.

>
> > Also, is it possible to use a private keyring (secring.gpg) for
> > decryption without importing it?
>
> No.  Since 2.1 there is no more secring.gpg; instead gnupg uses one file
> per private key.  You find these files under ~/.gnupg/private-keys-v1.d
> and their format is stable.  To get the name of the file run
>
>   gpg -k --with-keygrip USERIDORFINGERPRINT
>
> and use the printed keygrip.  Use --with-colons for scripts and see
> doc/DETAILS to see how the keygrip is printed.

It's sad that this functionality is no longer available. I understand that GnuPG has been
redesigned to use a different internal format to store the private keys now, but it would
have been so much better if it retained the support for external secring.gpg, just like it
currently supports reading recipient keys from an external file using -F option for one-off
use.

As an occasional GnuPG user, I have to say that I much preferred the simplicity of the
old GnuPG software that allowed for a cleaner, portable and standalone installation, with
no hard dependency on gnupg-agent. Just built 1.4.23 and liking it, now I have to figure
out how to keep it alongside gpg2 which is disguised as gpg now.
>
> Salam-Shalom,
>
>    Werner
>
> --
> Thoughts are free.  Exceptions are regulated by a federal law.
>

Re: New packet format for OpenPGP

GnuPG - User mailing list
On Mon,  1 Mar 2021 06:36, jsmith9810--- said:

> I'm still curious as to why though, since RFC4880 strongly recommends
> use of the new format
> packets. If not the default behavior, at least the --rfc4880 option

It SHOULD do this but I see no reason for this.  For the sake of
interoperability we better keep with the old format.  There is no
technical or security drawback with this and implementations need some
support anyway to compute fingerprints.  The code required to handle
both is trivial.

> currently supports reading recipient keys from an external file using
> -F option for one-off
> use.

Support an option name and open a feature request at dev.gnupg.org.

> old GnuPG software that allowed for a cleaner, portable and standalone
> installation, with

Reminds me somehow of the sendmail vs. postfix discussions 25 years ago ;-)

> out how to keep it alongside gpg2 which is disguised as gpg now.

You should not name it gpg2 - this has only been done to allow
co-existing back then when gpg2 used to be part of most Debian's base
systems.


Shalom-Salam,

   Werner

--
Thoughts are free.  Exceptions are regulated by a federal law.
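
Added example (not part of the original message and not code from g10/build_packet.c): a reader for both header formats discussed in this thread, following RFC 4880 section 4.2, applied to the same constructed key-packet body wrapped once in an old-format and once in a new-format header. The v4 fingerprint (RFC 4880 section 12.2) is computed over 0x99, a two-octet length and the body, and 0x99 is itself the old-format header octet for tag 6. Function names and the body bytes are constructed for illustration.

```python
import hashlib
import struct

def parse_header(data):
    """Return (fmt, tag, header_len, body_len) per RFC 4880 section 4.2."""
    ctb = data[0]
    if not ctb & 0x80:
        raise ValueError("bit 7 of the CTB must be set")
    if ctb & 0x40:  # new format: tag in bits 5-0, self-describing length
        tag, o1 = ctb & 0x3F, data[1]
        if o1 < 192:
            return "new", tag, 2, o1
        if o1 < 224:
            return "new", tag, 3, ((o1 - 192) << 8) + data[2] + 192
        if o1 == 255:
            return "new", tag, 6, struct.unpack(">I", data[2:6])[0]
        raise ValueError("partial body lengths are not handled in this example")
    tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03  # old format: tag in bits 5-2
    if ltype == 3:
        return "old", tag, 1, None  # indeterminate length
    size = 1 << ltype  # 1, 2 or 4 length octets
    return "old", tag, 1 + size, int.from_bytes(data[1:1 + size], "big")

def old_header(tag, n):
    """Old-format header with a two-octet length (length type 1)."""
    return bytes([0x80 | (tag << 2) | 1]) + struct.pack(">H", n)

def new_header(tag, n):
    """New-format header with a one- or two-octet length (n < 8384)."""
    if n < 192:
        return bytes([0xC0 | tag, n])
    n -= 192
    return bytes([0xC0 | tag, (n >> 8) + 192, n & 0xFF])

def body_of(packet):
    _, _, hlen, blen = parse_header(packet)
    return packet[hlen:hlen + blen]

def v4_fingerprint(body):
    """SHA-1 over 0x99, a two-octet length and the key packet body."""
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).hexdigest()

# Constructed body: not a real key, only used to exercise the two headers.
BODY = b"\x04" + bytes(range(250))
OLD_PKT = old_header(6, len(BODY)) + BODY
NEW_PKT = new_header(6, len(BODY)) + BODY
```

Both packets parse to tag 6 with the same body, so the fingerprint is identical whichever header format the exporter wrote.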
