Today I was playing with GnuPG, trying to add a couple of public keys to an “external” keyring (some random file, not my own keyring). Why? you ask. Well, I was preparing some Debian package containing GPG keys for APT repository signing (like debian-archive-keyring and such).
The point is, I was really confused for quite a bit because, after reading the gpg manpage, I was trying things like:
gpg --no-default-keyring --keyring keys.gpg --import … # Wrong!
But that wouldn’t add anything to the keys.gpg, which I swear I had in the current directory. After a lot of wondering, I realised that gpg interprets paths for keyrings as relative to… ~/.gnupg, not the current directory. I guess it’s because of security reasons, but I find it really confusing.
The lesson learned: always use --keyring ./keys.gpg or, better, never use keys.gpg as a filename for external keyrings, but something more explicit and “non-standard” like my-archive-keyring.gpg or whatever.
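The lookup rule behind this, as an added example that is not part of the original post: per the gpg manual, a --keyring name containing no slash is taken to be in the GnuPG home directory ($GNUPGHOME if set, otherwise ~/.gnupg). The function names below are hypothetical, and a --homedir override is not handled.

```shell
#!/bin/sh
# Added example (hypothetical helper names), for packaging scripts that
# build an external keyring such as my-archive-keyring.gpg.

# Print the path gpg will actually use for a given --keyring argument.
# A name without a slash is resolved inside the GnuPG home directory.
gpg_keyring_location() {
    case "$1" in
        */*) printf '%s\n' "$1" ;;   # contains a slash: used as given
        *)   printf '%s/%s\n' "${GNUPGHOME:-$HOME/.gnupg}" "$1" ;;
    esac
}

# Turn a bare file name into an explicit path in the current directory,
# so gpg cannot silently redirect it to the home directory.
explicit_keyring() {
    case "$1" in
        */*) printf '%s\n' "$1" ;;
        *)   printf './%s\n' "$1" ;;
    esac
}

# Import key files into an external keyring without touching the default one.
# Usage: import_into my-archive-keyring.gpg key1.asc key2.asc
import_into() {
    requested=$1; shift
    ring=$(explicit_keyring "$requested")
    if [ "$ring" != "$requested" ]; then
        # Tell the caller where the bare name would have ended up.
        echo "note: '$requested' alone would resolve to" \
             "$(gpg_keyring_location "$requested"); using $ring" >&2
    fi
    gpg --no-default-keyring --keyring "$ring" --import "$@"
}
```

Calling gpg_keyring_location before an import shows where a bare name such as keys.gpg would have been written.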