Glad you could work it out. I still think the best solution lies somewhere else, not sharing secring and having only one account update pubring (or not sharing pubring).
But I have an important, but simple modification to your scheme. Don't share anything else but pubring.gpg and secring.gpg. It's really unnecessary and should be avoided. Include lines like

    no-default-keyring
    keyring /path/to/shared/pubring.gpg
    secret-keyring /path/to/shared/secring.gpg

in each user's gpg.conf and don't share the other files.

I couldn't properly grasp your plan, so I have no comment on that. As long as world-readable/writable secret files are out the window, it seems a major improvement ;).

Oh! I just thought of something! If you include the following:

/home/admin/.gnupg/gpg.conf:

    no-default-keyring
    keyring /writable/by/admin/pubring.gpg
    keyring /writable/by/test1/pubring.gpg
    primary-keyring /writable/by/admin/pubring.gpg

/home/test1/.gnupg/gpg.conf:

    no-default-keyring
    keyring /writable/by/admin/pubring.gpg
    keyring /writable/by/test1/pubring.gpg
    primary-keyring /writable/by/test1/pubring.gpg

/home/test2/.gnupg/gpg.conf:

    no-default-keyring
    keyring /writable/by/admin/pubring.gpg
    keyring /writable/by/test1/pubring.gpg

Then both admin and test1 can have their own writable pubrings which are only readable by other users, and the users see the total of all keys in either pubring.

This still leaves secring which is much simpler, since only admin needs write access. Also, I don't think secrings stack like pubrings do, so you couldn't do this.

HTH,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
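The following is an added example, not part of Peter's message or of GnuPG: a permission audit for the ring files a gpg.conf names, flagging rings writable by anyone but their owner and secret rings that are world-readable. The function names (`parse_rings`, `audit`, `demo`) and the file names and modes in the temporary directory are constructed for illustration.

```python
import os
import stat
import tempfile

RING_OPTIONS = ("keyring", "primary-keyring", "secret-keyring")

def parse_rings(conf_text):
    """Map each ring path named in a gpg.conf to True if it is a secret ring."""
    rings = {}
    for raw in conf_text.splitlines():
        parts = raw.split("#", 1)[0].split(None, 1)  # drop comments, split option/value
        if len(parts) == 2 and parts[0] in RING_OPTIONS:
            path = parts[1].strip()
            rings[path] = rings.get(path, False) or parts[0] == "secret-keyring"
    return rings

def audit(conf_text):
    """Return sorted findings for ring files whose mode bits are too loose."""
    findings = []
    for path, secret in parse_rings(conf_text).items():
        try:
            mode = stat.S_IMODE(os.stat(path).st_mode)
        except FileNotFoundError:
            findings.append(f"{path}: missing")
            continue
        if mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append(f"{path}: writable by someone other than its owner")
        if secret and mode & stat.S_IROTH:
            findings.append(f"{path}: secret keyring is world-readable")
    return sorted(findings)

def demo():
    """Build a constructed layout in a temp dir and audit it."""
    with tempfile.TemporaryDirectory() as d:
        # Constructed modes: one sane pubring, one loose pubring, one loose secring.
        modes = {"admin_pub.gpg": 0o644, "test1_pub.gpg": 0o666, "secring.gpg": 0o644}
        for name, mode in modes.items():
            path = os.path.join(d, name)
            open(path, "wb").close()
            os.chmod(path, mode)
        conf = "\n".join([
            "no-default-keyring",
            f"keyring {d}/admin_pub.gpg",
            f"keyring {d}/test1_pub.gpg",
            f"primary-keyring {d}/test1_pub.gpg",
            f"secret-keyring {d}/secring.gpg",
        ])
        return [f.split("/")[-1] for f in audit(conf)]

if __name__ == "__main__":
    print("\n".join(demo()))
```
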
