man-pages/man1/migrate-pubring-from-classic-gpg.1.html
2021-03-31 01:06:50 +01:00

159 lines
4.4 KiB
HTML

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML><HEAD><TITLE>Man page of MIGRATE-PUBRING-FROM-CLASSIC-GPG</TITLE>
</HEAD><BODY>
<H1>MIGRATE-PUBRING-FROM-CLASSIC-GPG</H1>
Section: User Commands (1)<BR>Updated: April 2016<BR><A HREF="#index">Index</A>
<A HREF="/cgi-bin/man/man2html">Return to Main Contents</A><HR>
<P>
<A NAME="lbAB">&nbsp;</A>
<H2>NAME</H2>
migrate-pubring-from-classic-gpg - Migrate a public keyring from &quot;classic&quot; to &quot;modern&quot; GnuPG
<P>
<A NAME="lbAC">&nbsp;</A>
<H2>SYNOPSIS</H2>
<B>migrate-pubring-from-classic-gpg</B>
[ <B>GPGHOMEDIR</B> |
<I>--default</I> ]
<P>
<A NAME="lbAD">&nbsp;</A>
<H2>DESCRIPTION</H2>
<P>
<B>migrate-pubring-from-classic-gpg</B>
migrates the public keyring in GnuPG home directory GPGHOMEDIR from
the &quot;classic&quot; keyring format (pubring.gpg) to the &quot;modern&quot; keybox format using GnuPG
versions 2.1 or 2.2 (pubring.kbx).
<P>
Specifying
<B>--default</B>
selects the standard GnuPG home directory (looking at $GNUPGHOME
first, and falling back to ~/.gnupg if unset.
<P>
<A NAME="lbAE">&nbsp;</A>
<H2>OPTIONS</H2>
<B>-h</B>, <B>--help</B>, <B>--usage</B>
Output a short usage information.
<P>
<A NAME="lbAF">&nbsp;</A>
<H2>DIAGNOSTICS</H2>
The program sends quite a bit of text (perhaps too much) to stderr.
<P>
During a migration, the tool backs up several pieces of data in a
timestamped subdirectory of the GPGHOMEDIR.
<P>
<A NAME="lbAG">&nbsp;</A>
<H2>LIMITATIONS</H2>
The keybox format rejects a number of OpenPGP certificates that the
&quot;classic&quot; keyring format used to accept. These filters are defensive,
since the certificates rejected are unsafe -- either cryptographically
unsound, or dangerously non-performant. This means that some
migrations may produce warning messages about the migration being
incomplete. This is generally a good thing!
<P>
Known limitations:
<P>
<B>Flooded certificates</B>
<DL COMPACT><DT id="1"><DD>
Some OpenPGP certificates have been flooded with bogus certifications
as part of an attack on the SKS keyserver network (see
<A HREF="https://tools.ietf.org/html/draft-dkg-openpgp-abuse-resistant-keystore-03#section-2.1).">https://tools.ietf.org/html/draft-dkg-openpgp-abuse-resistant-keystore-03#section-2.1).</A>
<P>
The keybox format rejects import of any OpenPGP certificate larger
than 5MiB. As of GnuPG 2.2.17, if gpg encounters such a flooded
certificate will retry the import while stripping all third-party
certifications (see &quot;self-sigs-only&quot; in <A HREF="/cgi-bin/man/man2html?1+gpg">gpg</A>(1)).
<P>
The typical error message when migrating a keyring with a flooded
certificate will be something like:
<P>
</DL>
<DL COMPACT><DT id="2"><DD>
error writing keyring 'pubring.kbx': Provided object is too large
</DL>
<P>
<B>OpenPGPv3 public keys (a.k.a. PGP-2 keys)</B>
<DL COMPACT><DT id="3"><DD>
Modern OpenPGP implementations use so-called &quot;OpenPGP v4&quot; public keys.
Older versions of the public key format have serious known problems.
See <A HREF="https://tools.ietf.org/html/rfc4880#section-5.5.2">https://tools.ietf.org/html/rfc4880#section-5.5.2</A> for more details
about and reasons for v3 key deprecation.
<P>
The keybox format skips v3 keys entirely during migration, and GnuPG
will produce a message like:
<P>
</DL>
<DL COMPACT><DT id="4"><DD>
skipped PGP-2 keys: 1
</DL>
<P>
<A NAME="lbAH">&nbsp;</A>
<H2>ENVIRONMENT VARIABLES</H2>
<P>
<B>GNUPGHOME</B>
Selects the GnuPG home directory when set and --default is given.
<P>
<B>GPG</B>
The name of the
<B>gpg</B>
executable (defaults to
<B>gpg</B>
).
<P>
<A NAME="lbAI">&nbsp;</A>
<H2>SEE ALSO</H2>
<B><A HREF="/cgi-bin/man/man2html?1+gpg">gpg</A></B>(1)
<P>
<A NAME="lbAJ">&nbsp;</A>
<H2>AUTHOR</H2>
Copyright (C) 2016 Daniel Kahn Gillmor for the Debian project. Please
report bugs via the Debian BTS.
<P>
<HR>
<A NAME="index">&nbsp;</A><H2>Index</H2>
<DL>
<DT id="5"><A HREF="#lbAB">NAME</A><DD>
<DT id="6"><A HREF="#lbAC">SYNOPSIS</A><DD>
<DT id="7"><A HREF="#lbAD">DESCRIPTION</A><DD>
<DT id="8"><A HREF="#lbAE">OPTIONS</A><DD>
<DT id="9"><A HREF="#lbAF">DIAGNOSTICS</A><DD>
<DT id="10"><A HREF="#lbAG">LIMITATIONS</A><DD>
<DT id="11"><A HREF="#lbAH">ENVIRONMENT VARIABLES</A><DD>
<DT id="12"><A HREF="#lbAI">SEE ALSO</A><DD>
<DT id="13"><A HREF="#lbAJ">AUTHOR</A><DD>
</DL>
<HR>
This document was created by
<A HREF="/cgi-bin/man/man2html">man2html</A>,
using the manual pages.<BR>
Time: 00:05:19 GMT, March 31, 2021
</BODY>
</HTML>