On 12/02/16 10:28, Matthias Mansfeld wrote:
> Maybe it will become a bit more complicated if it is necessary to
> keep the keyrings synchronized in both directions.

Hehe :). Okay, I'll humour you :).

I'd probably extract all known keys from both installations, and propagate deletions. You also still need to transfer keys known to both installations, since there might be updates to the keys. Additionally, all the "del..." commands in --edit-key, as well as things like "clean" and stuff, become pretty impossible without doing it in both installations before you sync.

    gpg2 --fingerprint --with-colons -k | grep ^fpr | cut -d: -f 10

This gives a list of the fingerprints of all public keys known to gpg2. However, it is using standard Unix tools which might not be available (by default?) on Windows.

Similarly, I'd continue to write a Bash script that extracts the common set and the differences, and applies any deletions on either side in addition to transferring the common set both ways to get any new information.

Obviously, you can't tell the difference between a previously common key that got deleted on one side and a key that got added on the other side. So you need to keep the list of fingerprints from the previous sync to tell the difference.

You might even get update conflicts; I can't think of a way right away though. For the trust database, it's easy to imagine a conflict. If I set a different trust level on either side, which one prevails? I do have to say this is a perfect reason to alert the operator. You completely trust someone when you're using GnuPG 2, but only marginally using 1.4? Make up your mind! :)

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
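
Added example, not part of the message above: one way to do the three-way comparison it describes, using the saved fingerprint list from the previous sync to tell a deletion on one side from an addition on the other. The function names, action labels and sample fingerprints are constructed for illustration, and the script only prints a plan rather than running any gpg command.

```shell
#!/bin/sh
# Added example: plans a two-way keyring sync from three fingerprint lists.
# It only prints a plan for the operator to review; it runs no gpg commands.

# plan_sync PREV A B
#   PREV  list saved after the previous sync (an empty file on the first run)
#   A, B  current lists from the two installations, one fingerprint per line
plan_sync() {
    {
        sed 's/^/P /' "$1"
        sed 's/^/A /' "$2"
        sed 's/^/B /' "$3"
    } | awk '
        $2 !~ /^[0-9A-Fa-f]+$/ { next }    # skip blank or malformed lines
        { fpr = toupper($2); seen[$1, fpr] = 1; all[fpr] = 1 }
        END {
            for (fpr in all) {
                p = (("P", fpr) in seen)
                a = (("A", fpr) in seen)
                b = (("B", fpr) in seen)
                if (a && b)      print "EXCHANGE", fpr      # on both: transfer both ways
                else if (a && p) print "DELETE_ON_A", fpr   # was common, deleted on B
                else if (b && p) print "DELETE_ON_B", fpr   # was common, deleted on A
                else if (a)      print "COPY_A_TO_B", fpr   # added on A
                else if (b)      print "COPY_B_TO_A", fpr   # added on B
                # only in PREV: already deleted on both sides
            }
        }' | LC_ALL=C sort
}

# Constructed sample: fingerprints are 40-digit placeholders, not real keys.
demo_plan() (
    d=$(mktemp -d) || exit 1
    for n in 1 2 4 6; do printf '%040d\n' "$n"; done > "$d/prev"
    for n in 1 2 3;   do printf '%040d\n' "$n"; done > "$d/a"
    for n in 1 4 5;   do printf '%040d\n' "$n"; done > "$d/b"
    plan_sync "$d/prev" "$d/a" "$d/b"
    rm -rf "$d"
)

demo_plan
```

With an empty PREV file (the first sync) no deletions are planned, so every key found on only one side is treated as an addition.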