keybase / gpg-wrapper

A wrapper around the GPG CLI.
BSD 3-Clause "New" or "Revised" License

the gpg.conf options and overrides #7

Closed Hasimir closed 6 years ago

Hasimir commented 9 years ago

Hello,

On lines 525 to 555 of keyring.iced there appears to be a lot of angst about having trouble finding the keyrings or gpg.conf file used on any given system.

There are two solutions to this: the quick and dirty one, and the more in-depth one.

The first is easy, just run: gpg --version (or gpg2 --version) and look for the line which begins with "Home: " and that's it.

For example, here are mine:

bash4-4.3$ gpg --version
gpg (GnuPG) 2.1.5
libgcrypt 1.6.3
Copyright (C) 2015 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: /Users/ben/.gnupg2
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
    CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
bash4-4.3$ gpg1 --version
gpg (GnuPG) 1.4.19
Copyright (C) 2015 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: /Users/ben/.gnupg1
Supported algorithms:
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
    CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
bash4-4.3$

If you're worried about users changing the locations or default invocation, this should be covered, as my case demonstrates because:

bash4-4.3$ which gpg
/usr/local/bin/gpg
bash4-4.3$ cat /usr/local/bin/gpg
#!/bin/bash

exec /opt/local/bin/gpg2 --homedir $HOME/.gnupg2 "$@"

# EOF
bash4-4.3$ which gpg1
/usr/local/bin/gpg1
bash4-4.3$ cat /usr/local/bin/gpg1
#!/bin/bash

# Force Tor proxy for key retrieval

export http_proxy="http://127.0.0.1:8118"
export https_proxy="https://127.0.0.1:8118"

#
exec /usr/local/bin/gpg-1.4.19 --homedir $HOME/.gnupg1 "$@"

# EOF
bash4-4.3$

Whereas the real default location on OS X and Linux is $HOME/.gnupg/ (in my case that's symlinked to $HOME/.gnupg2/ as well).

Obviously those scripts also show the override method.

Now, the more detailed and in depth method actually requires less from me. Instead you need to read through autogen.sh and autogen.rc in the GPG source code (main directory, not any of the subdirectories, where the configure script is). That's got all the various default locations too. It includes all the Windows locations as well.

Oh, even if you leave the gpg.conf alone, you can still override the keyring used with "--no-default-keyring" then append that with the new keyring file info "--keyring /path/to/alt-pubring.gpg" and off you go ...

Although from 2.1.0 onward, the public keyring is replaced with the keybox format. So that might be a more pressing issue for you (maybe).

Finally, if you really want to explore the thing on the command line, have a look at the output of: gpg --dump-options
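Added example, not part of the original comment or of gpg-wrapper's own code: a shell sketch of the quick method described above, reading the "Home: " line from `gpg --version` and using the version on the first line to tell whether the 2.1.0 keybox note applies. The function names are hypothetical and the sample outputs are constructed, trimmed from the listings in the comment.

```shell
#!/bin/sh
# Constructed samples: trimmed `gpg --version` output in the layout shown above.
sample_21='gpg (GnuPG) 2.1.5
libgcrypt 1.6.3

Home: /Users/ben/.gnupg2
Supported algorithms:'
sample_14='gpg (GnuPG) 1.4.19

Home: /Users/ben/.gnupg1
Supported algorithms:'

# Print the directory from the first "Home: " line on stdin.
# Returns 1 when the line is missing, so callers never get an empty path.
gpg_home_from_version() {
    home=$(sed -n 's/^Home: //p' | head -n 1)
    [ -n "$home" ] || return 1
    printf '%s\n' "$home"
}

# Print "keybox" for 2.1.0 and later (per the comment above), else "keyring".
# Reads `gpg --version` output on stdin; returns 1 if line 1 is unrecognised.
gpg_pubring_format() {
    ver=$(sed -n '1s/^gpg (GnuPG[^)]*) \([0-9][0-9]*\.[0-9][0-9]*\).*/\1/p')
    [ -n "$ver" ] || return 1
    major=${ver%%.*}
    minor=${ver#*.}
    if [ "$major" -gt 2 ] || { [ "$major" -eq 2 ] && [ "$minor" -ge 1 ]; }; then
        echo keybox
    else
        echo keyring
    fi
}

# Hypothetical helper: probe a real binary or wrapper script by path.
# LC_ALL=C keeps the output labels in the form the parser expects.
probe_gpg() {
    out=$(LC_ALL=C "$1" --version) || return 1
    printf '%s\n' "$out" | gpg_home_from_version
}

# Demo on the constructed samples (no gpg binary needed).
printf '%s\n' "$sample_21" | gpg_home_from_version
printf '%s\n' "$sample_14" | gpg_pubring_format
```

Because the wrapper scripts shown in the comment pass `--homedir` before `"$@"`, calling `probe_gpg` on the wrapper path reports the overridden directory rather than `$HOME/.gnupg`.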

Hasimir commented 6 years ago

Solution is now deprecated (sans implementation) due to GPG 2.0.x EOL as of 2018-01-01.