On Mon, 16 Sep 2019 15:41, [email protected] said: > * On 9/15/19 3:56 PM, Werner Koch wrote: >> The trust packets are for internal use of gpg and are never exported. > > But... that's the whole point. gpg 1.4 seems to export them, while gpg > 2.x does not.
I just checked the code and I can't see how they get exported. In the
loop over the packets you find:
/* Make sure that ring_trust packets never get exported. */
if (node->pkt->pkttype == PKT_RING_TRUST)
continue;
which should skip them while exporting. Can you please provide a test
keyring and tell us the exact gpg 1.4 version you are using?
> unreproducible output for a specific operation is a bit weird. I don't know if
> the format GnuPG generates with the --export command is considered
> stable, though.
Yes it is the interchange format as specified by RFC-4880.
> I basically need to find a way to
> - either make gpg 1.4 NOT output trust packets
The solution is simple; Do not use gpg 1.4 except for decrypting legacy
data which either does not use MDC or is encrypted with a v3 key.
There is no other use case for gpg 1.4.
> 1.4 seems to generate trust packets *only* after signatures, while 2.2, when
> used with the --export-options backup option, generates trust packets after
> key,
They are implementation defined and thus do not go into the key
interchange format (transferable public/secret key). The backup/restore
options are an exception for, well, backup and restore of *GnuPG*'s
internal key data storage.
Salam-Shalom,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
signature.asc
Description: PGP signature
_______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
