
obscure failures with gpg2/gpg1 installed

Open baughj opened this issue 6 years ago • 1 comment

Hello,

For a while I was tracking down a particularly obscure error with blackbox decryption, involving

gpg: [don't know]: invalid packet (ctb=00)

In my case, this was because the machine being used to deploy did not have gpg2 but gpg1, but Blackbox was initialized with gpg2, thus resulting in a pubring.kbx in the repo (in Keybox format) and not a v1 ring (e.g. pubring.gpg).

The fix in https://github.com/StackExchange/blackbox/pull/237 is not sufficient to handle this edge case, since it will simply fail through to the else and try to use GPG1 to export the keybox (_blackbox_common.sh, line 159):

$GPG --keyring "$(get_pubring_path)" --export | $GPG --import

...which results in the above awesome, super helpful GPG error.

I'd like to submit a PR for this but I was wondering if I could get some guidance as I believe this case should either warn the user or fail outright with a very clear message - either that, or ring creation itself during blackbox initialization should always use the older v1 rings, which are consumable everywhere (but that is a much larger change).

baughj avatar Jul 17 '18 15:07 baughj

sorry for the long delay...

  1. yes, please move forward with a PR. I'd be glad to answer any questions.

  2. Ultimately we shouldn't depend on the binary format. Instead of storing pubring.gpg, we should store the output of:

$GPG --keyring "$(get_pubring_path)" --export -a --output pubkeyring-ascii.txt

We'd have to change a lot of code so that it tests to see if pubkeyring-ascii.txt exists and use it, defaulting to pubring.gpg for backwards compatibility.

(I'm not sure if that will help but it certainly won't be worse.)

tlimoncelli avatar Sep 19 '19 20:09 tlimoncelli
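As an added example (not blackbox's own code, and not from either commenter), here is a POSIX shell check that does what the thread asks for: classify the keyring file before handing it to $GPG, and fail with a clear message when a GnuPG 1 binary is about to read a GnuPG 2 keybox, pointing at the ASCII-armor export as the portable alternative. The function names, the constructed sample headers and the demo at the end are assumptions; the "KBXf" magic and the 0x98..0x9b public-key packet CTB bytes come from the keybox and OpenPGP formats.

```shell
#!/bin/sh
# Added example, not blackbox's own code. Detects which keyring format
# blackbox's get_pubring_path would hand to $GPG and fails with a clear
# message when a GnuPG 1 binary is about to read a GnuPG 2 keybox, instead
# of the opaque "gpg: [don't know]: invalid packet (ctb=00)".

# Prints "kbx" for a GnuPG 2.1+ keybox (bytes 8..11 of the header blob are
# the literal "KBXf"), "gpg" for a classic OpenPGP keyring (first byte is an
# old-format public-key packet CTB, 0x98..0x9b), "unknown" otherwise.
keyring_format() {
  magic=$(dd if="$1" bs=1 skip=8 count=4 2>/dev/null)
  if [ "$magic" = "KBXf" ]; then
    echo kbx
    return
  fi
  case $(od -An -tx1 -N1 "$1" | tr -d ' \n') in
    98|99|9a|9b) echo gpg ;;
    *) echo unknown ;;
  esac
}

# Major version from the first line of `$GPG --version`, e.g. "gpg (GnuPG) 1.4.23".
parse_gpg_major() {
  printf '%s\n' "$1" | sed -n 's/.* \([0-9][0-9]*\)\..*/\1/p'
}

# Exit 0 when a gpg of major version $2 can read keyring $1; otherwise print
# a clear diagnostic and exit 1 (hypothetical helper for _blackbox_common.sh).
check_keyring_compat() {
  if [ "$(keyring_format "$1")" = kbx ] && [ "$2" -lt 2 ]; then
    echo "ERROR: $1 is a GnuPG 2 keybox but gpg is version $2;" \
         "install gpg2, or re-export the keys as ASCII armor" \
         "(gpg --keyring \"$1\" --export -a) so any gpg can import them." >&2
    return 1
  fi
}

# Constructed sample headers (just enough bytes to classify; not real keys).
write_sample_headers() {
  printf '\000\000\000\040\001\001\000\002KBXf' > "$1/pubring.kbx"
  printf '\231\001\001\004' > "$1/pubring.gpg"
}

# Demo: a keybox in the repo, but only gpg1 on the deploy host.
d=$(mktemp -d)
write_sample_headers "$d"
keyring_format "$d/pubring.kbx"
check_keyring_compat "$d/pubring.kbx" "$(parse_gpg_major 'gpg (GnuPG) 1.4.23')" || echo "refused, as intended"
rm -rf "$d"
```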