This is the procedure to migrate from the old keyring to the new toolset:
- Insert the USB thumbdrive
- Run the
start_windows.cmd
command script - Enter the master passphrase and wait for Gpg4Usb to launch
Follow the procedure outlined here.
You should have the following folder structure:
GnuPG 4 USB/
GPG4Win/
GnuPG/
home/
Kleopatra.lnk
Command Prompt.lnk
7Zip/
7Za.exe
SysInternals/
sdelete.exe
- In the – initially empty –
home
(new keyring) folder, create a text file namedgpg.conf
with the following content:
keyserver hkps://keys.openpgp.org
- Run Kleopatra and check that you can successfully connect and retrieve public keys from the key server.
- Select the
Search on server...
option and search for the public key associated withspringcomp@e.email
.
When all of this is working close Kleopatra and proceed to next step.
Note: Kleopatra is an application that runs in the system tray. Right click on its icon and select Stop Kleopatra
to exit.
Important: this procedure requires the keyring to be "open", with the Gpg4Usb app running.
- Copy the entire contents of the
keydb
folder where your keyrings used to be stored to the newhome
folder, overriding and replacing existing files. - Update the
gpg.conf
and add a new linekeyserver hkps://keys.openpgp.org
- Open Kleopatra and check that you can successfully see the keys, including one with a private key (displayed in bold)
- Close Kleopatra (remember to right-click the Kleopatra icon from the system tray and select
Stop Kleopatra
)
Update the Kleopatra.cmd
script so that it has the following content:
Warning: if you are reading a translation of this page, make sure to use the original version of the script. The translator might have corrupted the script by attempting to translate instructions.
@echo off SET "_GPG4WIN=%~d0%~p0/bin" FOR /F "delims=" %%F IN ("%_GPG4WIN%") DO SET "_GPG4WIN=%%~fF" SET "_GNUPG=%~d0%~p0/../GnuPG/bin" FOR /F "delims=" %%F IN ("%_GNUPG%") DO SET "_GNUPG=%%~fF" SET "_GNUPG_HOME=%~d0%~p0/../home" FOR /F "delims=" %%F IN ("%_GNUPG_HOME%") DO SET "_GNUPG_HOME=%%~sF" SET PATH=%PATH%;%_GPG4WIN%;%_GNUPG% SET GNUPGHOME=%_GNUPG_HOME% call "%~dp0..\..\7zip\7za.exe" e "%_GNUPG_HOME%\private-keys-v1.d.7z" -o"%_GNUPG_HOME%\private-keys-v1.d" -y if errorlevel 2 goto finish Kleopatra.exe call "%~dp0..\..\Sysinternals\sdelete.exe" -s -q -p 35 "%_GNUPG_HOME%\private-keys-v1.d\" call "%~dp0..\..\Sysinternals\sdelete.exe" -s -q -p 35 "%_GNUPG_HOME%\private-keys-v1.d\" rmdir -s -q "%_GNUPG_HOME%\private-keys-v1.d" >NUL 2>&1 taskkill /f /im kleopatra.exe >NUL 2>&1 echo success. echo. :finish
Note: make sure that the path to the 7za.exe
and sdelete.exe
tools is correct, relative to the current folder where Kleopatra.cmd
is located.
You can now close Gpg4Usb.
The old public key ring pubring.gpg
file has been migrated to the new pubring.kbx
keybox file.
You can remove the old pubring.gpg
(and its backup pubring.back
) file safely.
You now need to secure the private key folder using the following commands.
First, open a command prompt (by double-clicking the Command Prompt
script created earlier) and type the commands:
..\..\7zip\7za.exe a -p"<master-passphrase>" "%_GNUPG_HOME%\private-keys-v1.d.7z" "%_GNUPG_HOME%\private-keys-v1.d\*"
..\..\Sysinternals\sdelete.exe -s -q -p 35 "%_GNUPG_HOME%\private-keys-v1.d\"
..\..\Sysinternals\sdelete.exe -s -q -p 35 "%_GNUPG_HOME%\private-keys-v1.d\"
At this point, you have successfully migrated to the new toolset.
- Check that you can successfully plug the USB thumbdrive and double-click on the Kleopatra shortcut.
- Check that you can successfully input the master passphrase to extract the temporary private keys.
- Check that Kleopatra is running successfully and shows the keys, include the ones associated with a private key (displayed in bold)
Once that is confirmed working, you can proceed to delete the old private keyring.
Note: please, remember to properly exit Kleopatra by right-clicking the system tray icon and selecting Stop Kleopatra
.
The old secret key ring secring.gpg
file have been migrated to the new private-keys-v1.d
folder.
You can remove the old secring.gpg
, (and its now obsolete compressed archive secring.7z
) using the following commands:
..\..\Sysinternals\sdelete.exe -p 35 "%_GNUPG_HOME%\secring.gpg"
..\..\Sysinternals\sdelete.exe -p 35 "%_GNUPG_HOME%\secring.7z"
..\..\Sysinternals\sdelete.exe -p 35 "%_GNUPG_HOME%\secring.7z.back"
Use the following commands (yes, run them twice) to remove the old keydb
keyring folder:
..\..\Sysinternals\sdelete.exe -s -q -p 35 keydb
..\..\Sysinternals\sdelete.exe -s -q -p 35 keydb
You can remove the old GnuPG 4 USB
folder.