While importing my keys to GnuPG on a new system, I considered the following:
- Is it possible to synchronize the gpg and gpg2 (gpg2.1) keychains?
- Is it wise to do so?
I found this answer to "Are GnuPG 1 and GnuPG 2 compatible with each other?", which states the following:
> An important change came with GnuPG 2.1, which combines the formerly
> separated public and private keyrings (pubring.gpg vs. secring.gpg)
> into the public keyring. This has been implemented in a manner keeping
> things compatible, so you can still use GnuPG 1 when GnuPG 2.1
> integrated the private keyring, but changes to the private keys will
> not show up for the respective other implementation. From the
> […] allows co-existence of older GnuPG versions with GnuPG 2.1. However, any change to the private keys using the new gpg will not
> show up when using pre-2.1 versions of GnuPG and vice versa.
Synchronisation at file level is no option, and there also seems to be no built-in mechanism to sync the chains.
Am I safe to just export all pub and sec keys from gpg and import them via gpg2 (cronjob etc.) and vice versa, or could this leave me with unconsidered consequences?
I did not automate the key synchronisation but transferred all keys from my gpg keychain to the gpg2 keychains and symlinked gpg2 to gpg to make sure I always use gpg2. This seems to be a better solution than holding all keys in different keyrings.
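```
# Copy public keys, then secret keys, from the gpg keyring into gpg2
gpg --export | gpg2 --import
gpg --export-secret-keys | gpg2 --import
# Keep the old binary as gpg1 and make "gpg" point to gpg2
sudo mv /usr/bin/gpg /usr/bin/gpg1
sudo ln -s /usr/bin/gpg2 /usr/bin/gpg
```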
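A check that can follow the export/import above to confirm no secret key was left behind in the old keyring, as an added example that is not part of the original post: it compares primary-key fingerprints taken from `--with-colons` listings of both keyrings. The function names and the sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example: list secret keys present in one keyring listing but absent
# from the other, by comparing primary-key fingerprints.

# Print primary-key fingerprints from a --with-colons listing on stdin.
# Field 10 of an "fpr" record is the fingerprint; subkey records are skipped.
primary_fprs() {
    awk -F: '
        $1 == "pub" || $1 == "sec" { primary = 1; next }
        $1 == "sub" || $1 == "ssb" { primary = 0; next }
        $1 == "fpr" && primary     { print $10; primary = 0 }
    ' | sort -u
}

# Print fingerprints found in listing file $1 but not in listing file $2.
missing_from() {
    a=$(mktemp); b=$(mktemp)
    primary_fprs < "$1" > "$a"
    primary_fprs < "$2" > "$b"
    comm -23 "$a" "$b"
    rm -f "$a" "$b"
}

# Constructed sample listings (not real keys): the old keyring holds two
# secret keys, the new one only the first.
sample_old() {
    cat <<'EOF'
sec::4096:1:1111111111111111:2015-01-01::::Alice (constructed) <alice@example.org>:::
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAA1111111111111111:
ssb::4096:1:2222222222222222:2015-01-01::::::
fpr:::::::::BBBBBBBBBBBBBBBBBBBBBBBB2222222222222222:
sec::4096:1:3333333333333333:2016-01-01::::Bob (constructed) <bob@example.org>:::
fpr:::::::::CCCCCCCCCCCCCCCCCCCCCCCC3333333333333333:
EOF
}
sample_new() { sample_old | head -n 4; }

# Real use, assuming both binaries are installed under these names:
#   gpg  --with-colons --fingerprint --list-secret-keys > old.txt
#   gpg2 --with-colons --fingerprint --list-secret-keys > new.txt
#   missing_from old.txt new.txt
demo() {
    d=$(mktemp -d)
    sample_old > "$d/old.txt"; sample_new > "$d/new.txt"
    missing_from "$d/old.txt" "$d/new.txt"
    rm -rf "$d"
}
demo
```

An empty result means every secret key in the first listing also appears in the second; swapping the arguments checks the other direction.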