[prev in list] [next in list] [prev in thread] [next in thread] 

List:       gnupg-devel
Subject:    Re: Importing a particular key from a key ring
From:       David Shaw <dshaw () jabberwocky ! com>
Date:       2001-09-21 21:28:05
[Download RAW message or body]

On Fri, Sep 21, 2001 at 10:42:25PM +0200, Neal H Walfield wrote:

> This gives a little bit of extra output:
> 
>         neal@bassanio:~ (0)$ gpg --keyring keyring --armor --export \
>         > neal@cs.uml.edu | gpg --import
>         gpg: keyblock resource `/home/neal/.gnupg/keyring': file open error
>         gpg: key 8BAFCDBD: not changed
>         gpg: Total number processed: 1
>         gpg:              unchanged: 1
> 
> Note the superfluous error message.  When we provide a full path, this
> message is, as expected, elided:
> 
>         neal@bassanio:~ (0)$ gpg --keyring $PWD/keyring --export \
>         > neal@cs.uml.edu | gpg --import
>         gpg: key 8BAFCDBD: not changed
>         gpg: Total number processed: 1
>         gpg:              unchanged: 1
> 
> If this is a considered to be a security feature, it is, in my
> personal opinion, better that a full path be enforced.

If a keyring specified with --keyring does not have a path, it is
looked for in your homedir (usually ~/.gnupg).  In the first example
above, GnuPG expands "keyring" to "/home/neal/.gnupg/keyring", fails,
and finally gets the key to export from your regular (usually
~/.gnupg/pubring.gpg) keyring.  In the second example, it is unclear
which keyring GnuPG will get the key to export from, since the key
presumably exists in both.

You can do this:

    gpg --no-default-keyring --keyring ./my-keyring --export user@gnu.org | gpg --import

David

-- 
   David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson

[Attachment #3 (application/pgp-signature)]
_______________________________________________
Gnupg-devel mailing list
Gnupg-devel@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-devel


[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic