
gpg2: How to use another secret and public keyring?

I know that gpg2 uses the gpg-agent to get private-keys. Per default they are stored in ~/.gnupg/private-keys-v1.d.

Now I'm questioning myself if it's possible to instruct gpg to use another agent on another machine? The documentation is not very helpful because it does not explain how to connect your gpg to another gpg-agent. But as gpg2 requires you to use gpg-agent, there is no other way to use a new keyring.

My second question is, if it's possible to instruct gpg-agent to use another dir than the default private-keys-v1.d for looking up keys?

The documentation for gpg2 also contains no option to specify a new public keyring. Is it still available although not mentioned anymore in the docs?

Greetings Sebi2020

asked Oct 17 '22 07:10

Sebi2020


1 Answer

If you are connected from machine A (e.g. your PC) to remote machine B over SSH, yes, you can instruct gpg2 on B to use gpg2 agent on A, using GnuPG Agent Forwarding (link to the gnupg manual). This is how you can use your local gpg keys on remote machines typically. Make sure you have proper versions of gnupg and OpenSSH for that (see the manual).

You may not be able to change only the subfolder name private-keys-v1.d per se, but you can replace the default gpg home directory ~/.gnupg/private-keys-v1.d with whatever_directory/private-keys-v1.d, whatever_directory being whatever directory you want to use as gpg home directory. There are 2 ways of doing that: set the GNUPGHOME environment variable, or use the gpg --homedir option. This is still valid for gpg 2.2.4 at least. E.g. using gpg keys from a usb drive: gpg --homedir /media/usb1/gnupg ...

The options to specify a new public keyring are --keyring and --primary-keyring (use --no-default-keyring to exclude default keyring completely). Valid for gpg 2.2.4.

answered Oct 21 '22 00:10

cdan
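The three options from the answer above, put together as an added shell example that is not part of the original answer. The helper names, host name and paths are hypothetical; the permission check is an extra precaution assumed here because gpg only warns about an unsafe home directory.

```shell
#!/bin/sh
# Added example; helper names, host name and all paths are constructed.

# Accept a GnuPG home only if it is a directory in rwx------ mode, so
# private-keys-v1.d inside it is not reachable by group or others.
safe_gnupg_home() {
    [ -d "$1" ] || return 1
    case $(ls -ld "$1") in
        d???------*) return 0 ;;
        *) return 1 ;;
    esac
}

# --keyring resolves a name without a slash inside the GnuPG home, not
# the current directory, so make such a name explicit before passing it.
keyring_path() {
    case $1 in
        */*) printf '%s\n' "$1" ;;
        *)   printf '%s/%s\n' "$PWD" "$1" ;;
    esac
}

# Run gpg against an alternate home (own pubring, own private-keys-v1.d).
# Equivalent to exporting GNUPGHOME for this one call.
gpg_in_home() {
    home=$1; shift
    safe_gnupg_home "$home" || { echo "unsafe or missing homedir: $home" >&2; return 1; }
    gpg --homedir "$home" "$@"
}

# Run gpg with only the given public keyring, excluding the default one.
gpg_with_keyring() {
    ring=$(keyring_path "$1"); shift
    gpg --no-default-keyring --keyring "$ring" "$@"
}

# ssh_config stanza for machine A that forwards A's agent to machine B.
#   $2: B's socket, from `gpgconf --list-dirs agent-socket` run on B
#   $3: A's restricted socket, from `gpgconf --list-dirs agent-extra-socket` on A
# On B, sshd_config needs `StreamLocalBindUnlink yes` to replace a stale socket.
agent_forward_stanza() {
    printf 'Host %s\n    RemoteForward %s %s\n' "$1" "$2" "$3"
}
```

For example, `gpg_in_home /media/usb1/gnupg --list-secret-keys` lists only the keys held on the drive, and `gpg_with_keyring team.gpg --list-keys` reads `team.gpg` from the current directory.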