I have public and private keyring files in my .gnupg directory (pubring.gpg and secring.gpg). I want to create a new keyring trustedkeys.gpg, also in .gnupg, to which I can add other people's public keys.
How do I create this new keyring?
Asked
Active
Viewed 4.3k times
30
rlandster
- 1,332
- 3
- 21
- 32
-
3The convention is to have *all* keys in your `pubring`. Trust is marked using GnuPG's own settings. – u1686_grawity Mar 12 '12 at 22:19
-
2`gpgv` expects signatures to be in `trustedkeys.gpg`. – rlandster Mar 13 '12 at 03:57
-
Can you work around the problem by making a symlink from `trustedkeys.gpg` to `pubring.gpg` (or `trusteddb.pgp`)? – IQAndreas Sep 21 '14 at 15:30
-
1@grawity conventions are just that - conventions. the OP out there will know better the needs at hand. – n611x007 Oct 24 '15 at 07:20
-
A use case I can think for this is to have "people" you trust in one keyring and another keyring for organizations' software signing keys. – Captain Man Apr 27 '22 at 21:17
3 Answers
51
tested with gpg (GnuPG) 2.0.26:
gpg --no-default-keyring --keyring trustedkeys.gpg --fingerprint
beginners' hint: you can use any filename not just trustedkeys.gpg.
it will say gpg: keyring ``</path>/.gnupg/trustedkeys.gpg' created
to use:
gpg --no-default-keyring --keyring trustedkeys.gpg <your-gpg-commands-here>
n611x007
- 6,336
- 14
- 61
- 88
5
gpg --export KEY1 KEY2 > trustedkeys.gpg for public keys and:
gpg --export-secret-keys KEY1 KEY2 > trustedkeys.gpg for complete keys (including private part).
Where you can supply (partial) fingerprints for KEY1, KEY2 etc.
ufotds
- 651
- 8
- 20
5
gpg --keyring pubring.gpg --export KEY > /tmp/exported.key
gpg --no-default-keyring --keyring=path/to/new-keyring.gpg --import /tmp/exported.key
If you want the keyring to also be used by GPG by default from then on, as you say, omit the --no-default-keyring switch.
Find more information in gpg(1) manual under --keyring option.
K3---rnc
- 280
- 3
- 8