Quote Originally Posted by DuckHook View Post
gnupg is the Gnome implementation of pgp. It is a very good security feature if used properly and is associated with GPG2. Those files are harmless and in fact necessary for GPG2 to function properly:


However, unless GPG2 has been invoked for some other use, it is unusual to see these files created. Given the OP's concern with security, it would not be surprising to have these files inadvertantly created by a process that he/she may have initiated but think was unrelated. GPG2 is used at a low level to support many app functions or extensions: for example, Enigmail in Thunderbird, many VPN implementations, etc. Too many to list.

  • pubring.kbx is the public keyring keybox which is used to store generated public keys.
  • trustdb.gpg is the file containing the trust database
  • Everyone with a typical install has the private-keys-vl1.d which is the directory containing our private gpg keys. Even if we have no keys, the directory is generated.

Fooling around with these files/directories will almost certainly break some app functionalities that depend on them. However, they are admittedly obscure and difficult to parse.
I checked again and on my minimal Ubuntu MATE 19.04 install I do in fact have the private-keys-vl1.d directory, no surprise as DuckHook mentions.

I do not have the other files but also no surprise for me since I have been busy testing processes that likely would not need encryption.

I understand your concern about security but you have all the documentation and also support here so unless you want to try and backtrack and figure out which applications may have created those other files I would just leave it alone.

Just my opinion on the matter.