Is there an windows gpg LTS version?

James · March 7, 2024, 1:05pm

Hi all,

I could not see anything about being able to use the LTS version of gpg on windows.

It looks like gpg4win is the latest and greatest only, did I miss something?

(for the curious gpg 2.4 can not read public keyrings from 2.2 and this breaks interoperability and keyring sharing across versions, which is an internal thing we have…)

eebb · March 7, 2024, 1:30pm

That is true, there is no LTS Version of Gpg4win.

This is not true. If you experience problems when migrating from gpg 2.2 to 2.4 please describe them so that we can help you to solve them.

James · March 7, 2024, 1:42pm

This is not true

see below for the comparison using the same public keyring file for both versions.

❯ gpg --version
gpg (GnuPG) 2.4.4
libgcrypt 1.10.3
Copyright (C) 2024 g10 Code GmbH
License GNU GPL-3.0-or-later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: C:\Users\jnord\AppData\Roaming\gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
        CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2


❯ gpg --list-keys --no-default-keyring --keyring C:\Users\jnord\.opscore\keyring\pubring.kbx
[keyboxd]
---------
pub   rsa4096 2015-06-30 [SC]
      5AE741F41FE65E2FBBE11319FE40B89B0C574BAD
uid           [ultimate] James <readacted@readacted.com>
sub   rsa4096 2015-06-30 [E]

vs 2.2

❯ c:\Users\jnord\Desktop\2.2.42\bin\gpg --version
gpg (GnuPG) 2.2.42
libgcrypt 1.8.11
Copyright (C) 2023 g10 Code GmbH
License GNU GPL-3.0-or-later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: C:/Users/jnord/AppData/Roaming/gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
        CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

❯  c:\Users\jnord\Desktop\2.2.42\bin\gpg --list-keys --no-default-keyring --keyring C:\Users\jnord\.opscore\keyring\pubring.kbx
C:\Users\jnord\.opscore\keyring\pubring.kbx
-------------------------------------------
pub   rsa3072 2022-01-12 [SC]
      037F466B2E6D0F0515C9B12F9F6C9A3DA1020F1F
uid           [ unknown] REDACTED  (REDACTED) <xxx@readacted>
sub   rsa3072 2022-01-12 [E]

pub   rsa3072 2023-12-06 [SC] [expires: 2024-12-05]
      907F8A712860204325E9BA2A90ED5557A2FF252E
uid           [ unknown] REDACTED REDACTED <REDACTED@readacted.com>
uid           [ unknown] REDACTED <REDACTED@readacted.com>
sub   rsa3072 2023-12-06 [E] [expires: 2024-12-05]

pub   rsa4096 2024-01-11 [SC] [expires: 2025-01-10]
      699D581B5441BBC43617799DAC072F047D2FAFA4
uid           [ unknown] REDACTED REDACTED <REDACTED@readacted.com>
sub   rsa4096 2024-01-11 [E] [expires: 2025-01-10]

...snipped...

eebb · March 7, 2024, 2:29pm

You are using keyboxd in your new 2.4 installation which uses a sqlite database for the public keys instead of the old keyring format. You either have to switch off keyboxd or migrate your old keyring to the new format, see Gpg4win anouncement for 4.2 or for more detailed info the README of gpg 2.4.

As keyboxd is enabled by putting “use-keyboxd” in the file common.conf in your GPGHOME, you can disable it by commenting that line out in case you do not have imported any keys there yet. Otherwise you could use the gpg-disable-keyboxd script.

Keyboxd has the advantage of being faster than the classic keyring.
To migrate your old keyring to keyboxd see the instructions in the README of gpg2.4 or use the gpg-enable-keyboxd script shipped with gpg4win.

James · March 14, 2024, 11:02am

Thanks eebb.

so there is no way to switch the format on the CLI? (I appreciate using multiple different public keyrings is a very strange thing to do, but I am in this position).
That is the default public key ring can be keybox, but if I specify a different keyring then it may or may not be in the same format (the keyring is not “owned” by me, so converting it is not an option).

aheinecke · March 14, 2024, 6:15pm

The best thing to do in such a case is using different homedirs ang the --homedir option. Otherwise some other strangeness will occur e.g. that you have one trustdb for different keyrings etc.