结合使用BouncyCastle和GnuPG 2.1的`pubring.kbx`文件 [英] Using BouncyCastle with GnuPG 2.1's `pubring.kbx` file
问题描述
我正在尝试将BouncyCastle与PGP2配合使用以读取公共密钥环.问题在于,由于GnuPG 2.1,它存储在pubring.kbx中,而不是在pubring.gpg中.这导致IOException public key ring doesn't start with public key tag: tag 0x0
I'm trying to use BouncyCastle with PGP2 to read public keys ring. The problem is that since GnuPG 2.1 it's stored in pubring.kbx instead of pubring.gpg. That leads to IOException public key ring doesn't start with public key tag: tag 0x0
是否知道我是否以及如何在GnuPG 2.1中使用BC?
Any idea if and how I can use BC with GnuPG 2.1?
推荐答案
默认情况下,GnuPG 2.1使用新的键箱文件格式-如果未找到pubring.gpg.如果有旧版"密钥环文件,则将使用它.
GnuPG 2.1 by default uses the new keybox file format -- if no pubring.gpg is found. If there is a "legacy" keyring file, it will be used instead.
我不知道Bouncy Castle支持.kbx文件格式.因此,如果您想在GnuPG使用的相同密钥文件上一起使用Bouncy Castle,则有三种选择:
I'm not aware Bouncy Castle supports the .kbx file format. So if you want to use Bouncy Castle together on the same key files GnuPG is using, you've got three options:
- 在其他位置另外维护一个旧的
pubring.gpg文件,这意味着在需要时运行gpg --export或--export-secret-keys.旧的pubring.gpg只是密钥的转储,您可以直接将导出输出用作密钥环. -
在您的GnuPG主目录中使用
pubring.gpg,换句话说,它会降低.kbx文件的更好性能,以换取兼容性.
- Additionally maintaining an old
pubring.gpgfile somewhere else, which means running angpg --exportor--export-secret-keyswhen needed. The oldpubring.gpgis just a dump of keys, you can directly use the export output as keyring. Using a
pubring.gpgin your GnuPG home directory, with other words dropping the better performance of the.kbxfile in exchange for compatiblity.
首先,请确保复制整个~/.gnupg文件夹或确保具有最新的备份!
First of all, be sure to copy the whole ~/.gnupg folder or make sure to have an up-to-date backup!
最后,迁移过程归结为将密钥箱文件中的信息导出为旧的OpenPGP密钥环格式.从上面链接的变更日志中查看从.kbx文件迁移到.gpg文件的建议:
In the end, the migration process boils down to exporting the information in the keybox file to the old OpenPGP keyring format. Looking at the proposal for migration from .kbx files to .gpg files from the changelog linked above:
$ cd ~/.gnupg
$ gpg --export-ownertrust > otrust.lst
$ mv pubring.gpg publickeys
$ gpg2 --import-options import-local-sigs --import publickeys
$ gpg2 --import-ownertrust otrust.lst
反向过程应该看起来非常相似(假定没有存储任何秘密密钥,否则请在下面阅读,并交换gpg2和gpg以匹配计算机上安装的二进制文件):
The reverse process should look rather similar (given no secret keys are stored, otherwise read below, and exchange gpg2 and gpg to match the binaries installed on your machine):
$ cd ~/.gnupg
$ gpg2 --export-ownertrust > otrust.lst
$ gpg2 --export > pubring.gpg
$ mv pubring.kbx pubring.kbx~
$ gpg2 --import-options import-local-sigs
$ gpg2 --import-ownertrust otrust.lst
--export结果可以直接用作新的密钥环,因此不需要此文件的--import. Ownertrust可能应该以类似的方式复制,我只是保留了此处提出的变更日志.
The --export result can directly be used as new keyring, so no --import of this file is needed. Ownertrust should probably be copied in a similar manner, I just kept was the changelog proposed here.
如果您还存储了私钥,则最好先将其导出到另一个文件中,然后再将其再次导入:
If you've also stored private keys, I'd better export them first into another file and finally importing them again:
$ cd ~/.gnupg
$ gpg2 --export-secret-keys > secret-keys.gpg
$ gpg2 --export-ownertrust > otrust.lst
$ gpg2 --export > pubring.gpg
$ mv pubring.kbx pubring.kbx~
$ gpg2 --import-options import-local-sigs --import secret-keys.gpg
$ gpg2 --import-ownertrust otrust.lst
为Bouncy Castle实施.kbx格式.
这篇关于结合使用BouncyCastle和GnuPG 2.1的`pubring.kbx`文件的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
