Comment # 13 on bug 1093836 from Manfred Hollstein

Here is how I can reproduce the failure:

0. Pre-condition: working user is "manfred", new test user is "gpgtestuser"
1. Create a new DSA/elGamal 1024-bit key for user "gpgtestuser" (didn't test
other options, as this is how my current key looks now) on openSUSE Leap 42.3
using gpg2-2.0
2. Distribute/accept the new public key into your own key ring
3. Exchange some signed/encrypted e-mails just to check if it works
4. Reboot into openSUSE Leap 15.0
5. Run "gpg2 --list-secret-keys" as user "gpgtestuser" (here you'll see that
your database gets converted)
6. Send a new signed/encrypted e-mail using thunderbird/enigmail-2.0.2 (or
later) to your own account "manfred"
7. Verify new message can be decrypted
8. Reboot into openSUSE Leap 42.3
9. Look at the latest message as user "manfred" now using
thunderbird/enigmail-2.0.4 => BOOM, message can no longer be seen/decrypted
10. Downgrade enigmail to version 1.9.9-9.1 and, voila, message can be
decrypted again.

To be honest, I find this really distracting, as GPG is used by a variety of
important tools (such as "rpm", ...), so it should be possible to have a stable
set of keys for every days environments, no?!?

I haven't found any instructions/reports/... how to transparently deal with
this. Do you know of any?