Mailing List Archive

Please send your email as plain text, not HTML.

> We're currently running 1.4.7 and want to install and use gpg on a new
> server.  I was hoping to install one of the latest 2.2.1.7 perhaps...
> Can someone tell me if that is even possible?  I was hoping to just
> install the new one and then move my /.gnupg dir over there
> rock-n-roll..    Are these version compatible or do we need to just
> install that same old version?

Migrating from 1.4 to 2.2 is not quite *that* simple, but it isn't hard.
A while ago I put together some detailed how-to notes: let me dig them
up and I'll get back to you.

Some people will tell you that yes, you can just install-and-go. It's
certainly possible to *for some users*, but there are corner cases that
can complicate things -- which is why a checklist is useful.

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

> Migrating from 1.4 to 2.2 is not quite *that* simple, but it isn't hard.
> A while ago I put together some detailed how-to notes: let me dig them
> up and I'll get back to you.

Can't immediately find them, but here goes. This is a bit of a process
but it will leave you with a fresh, clean GnuPG 2.2 directory with all
of your GnuPG 1.4 data intact. And it should also cover the vast
majority of the odd corner cases, too.



1. Start by backing up your ~/.gnupg directory. We're going to be
nuking, paving, and rebuilding. Don't skip this, as there will be files
in here you'll definitely need.

2. Get a list of every ultimately-trusted key on your keyring. I do
this with standard command-line tools:

$ gpg --fixed-list-mode --with-colons --list-keys | \
grep "^pub:u:" | cut -d ":" -f 5 > ~/trusted_keys.txt

3. Export your entire public and private keyrings.

$ gpg --export-options export-local-sigs,export-sensitive-revkeys \
--export > ~/pubkeys.gpg
$ gpg --export-secret-keys > ~/privkeys.gpg

4. Kill gpg-agent.

$ killall gpg-agent

4. Empty the ~/.gnupg dir.

$ rm -rf ~/.gnupg/*

5. From the backup you made in step 1, restore the following files.
(You may not have all of them. If you're missing some, or even most,
that's okay.)

dirmngr.conf
dirmngr.conf-1
dirmngr.conf-1.4
gpa.conf (no -1, -1.4 variants exist)
gpg.conf
gpg.conf-1
gpg.conf-1.4
gpg-agent.conf
gpg-agent.conf-1
gpg-agent.conf-1.4
gpgsm.conf
gpgsm.conf-1
gpgsm.conf-1.4
policies.txt
scdaemon.conf
scdaemon.conf-1
scdaemon.conf-1.4
scd-event
sshcontrol
trustlist.txt

6. Look in your new ~/.gnupg dir for GnuPG 1.4-specific configuration
files:

$ ls ~/.gnupg/*.conf-1*

Then look for unversioned configuration files:

$ ls ~/.gnupg/*.conf

If you have, e.g., a gpg.conf-1 file but not a gpg.conf file, make a new
unversioned file out of the old one. E.g.,

$ cp ~/.gnupg/gpg.conf-1 ~/.gnupg/gpg.conf

7. Import your secret keys into gpg2:

$ gpg2 --import ~/sec.gpg
$ gpg2 --import-options import-local-sigs,import-clean \
--import ~/pub.gpg

8. Mark your previously ultimate-trusted keys as ultimate-trusted
again. For each key in your ~/trusted_keys.txt file,

$ gpg2 --edit-key [insert key ID here] trust

Set each trust to ultimate by typing '5'.




... You should be done!

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users