• gpg <2.1 and gpg>=2.1 keyring changes reminder

    From Anonymous@21:1/5 to All on Fri Nov 24 13:10:07 2017
    XPost: alt.security.pgp

    gpg < 2.1 and gpg >= 2.1 keyring changes

    gpg < 2.1 and gpg >= 2.1 use different mechanisms for
    keyring storage.

    gpg >= 2.1 will translate old gpg < 2.1 keys into the new
    structure only the first time it is run. After that,
    never use gpg < 2.1 for creating new keys.

    This is why gpa doesn't see the gpg1 secret key. In gpg1 it
    is stored separately.

    https://lwn.net/Articles/696561/

    GnuPG modern introduces a change to the way keyrings are
    stored on disk, which could potentially cause migration
    pains if care is not taken. Specifically, in the earlier
    GnuPG branches, a user's private keys were stored in a
    separate file (secring.gpg) from their public keys (in
    pubring.gpg). But the public half of a user's own key
    pair was stored in both secring.gpg and pubring.gpg,
    meaning that steps were needed to keep the two in sync.
    This is clearly less than ideal.

    In GnuPG modern, the keys are all stored together (although
    in an improved format that is easier to parse) and the
    gpg-agent program simply keeps track of which ones include
    a private component. The first time GnuPG modern is run on
    a system with the old-style keyring files, it performs a
    one-time conversion to the new format. The conversion is
    painless, unless some package unwisely makes assumptions
    about the way the ~/.gnupg directory is organized. But it
    is one-way; users wanting to revert to the old format
    should expect to do a significant amount of work.

    So basically use gpg2 only; gpa won't see the keyring from
    gpg1 properly.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
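
A way to check which of the layouts described in the post a GnuPG home directory is in, including the case where gpg < 2.1 touched secring.gpg after the one-time conversion. This is an added example, not part of the original post or the LWN article; the file names `.gpg-v21-migrated`, `private-keys-v1.d` and `pubring.kbx` are the ones gpg >= 2.1 uses but do not appear on the page, and the state labels are this example's own.

```shell
#!/bin/sh
# Added example: classify a GnuPG home directory by keyring layout.
# State labels (legacy, migrated, migrated-stale, modern, empty) are
# this example's own names, not GnuPG terminology.

gnupg_layout() {
    home=${1:-${GNUPGHOME:-$HOME/.gnupg}}
    secring="$home/secring.gpg"         # gpg < 2.1 secret keyring
    marker="$home/.gpg-v21-migrated"    # left by gpg >= 2.1 after the one-time conversion
    privdir="$home/private-keys-v1.d"   # gpg-agent's private key store in gpg >= 2.1

    [ -d "$home" ] || { echo "missing"; return 1; }

    if [ -s "$secring" ]; then
        if [ ! -e "$marker" ]; then
            # Old-style secret keyring, never converted: the next run of
            # gpg >= 2.1 will perform the one-way migration.
            echo "legacy"
        elif [ -n "$(find "$secring" -newer "$marker")" ]; then
            # secring.gpg was modified after the conversion, so gpg < 2.1
            # changed secret keys that gpg >= 2.1 and gpa will not see
            # until they are imported manually.
            echo "migrated-stale"
        else
            echo "migrated"
        fi
    elif [ -d "$privdir" ] || [ -e "$home/pubring.kbx" ]; then
        echo "modern"                   # created by gpg >= 2.1, no old keyring
    else
        echo "empty"
    fi
}

# Stand-alone use: sh gnupg_layout.sh ~/.gnupg
if [ "$#" -gt 0 ]; then
    gnupg_layout "$1"
fi
```

A `migrated-stale` result is the situation the post warns about: the conversion runs once, so anything gpg < 2.1 writes to secring.gpg afterwards stays invisible to gpg >= 2.1.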