Feature Request: Handle 'export-secret-subkeys' keyrings from GPG #251

AlanI-xx · 2014-08-24T16:10:37Z

It would be awesome to see OpenPGP.js support GPG's extension to PGP whereby you remove the private key to the master key of a keyring.

I understand this is not formally part of the PGP standard, however it's a valuable security feature and appears to be growing in popularity.

Want to back this issue? Post a bounty on it! We accept bounties via Bountysource.

a1j · 2015-11-04T07:36:54Z

+1 This is major security feature. Some people only use subkeys and don't keep master key around.

x3rAx · 2015-11-04T10:07:50Z

+1

technobro · 2016-10-12T14:03:23Z

+1

kupa79 · 2016-12-16T13:58:59Z

+1

yallara · 2017-01-31T12:23:22Z

+1

4lan5 · 2017-02-05T02:45:45Z

+1

DaffyDuke · 2017-05-09T21:00:52Z

+1

scooterx3 · 2017-08-08T02:59:32Z

+1

comzeradd · 2017-12-29T19:39:04Z

This also affects Rainloop.

tomholub · 2017-12-29T19:55:14Z

This is affecting us too for signatures. We may look into it in Q2 2018 if nobody else does.

neurolit · 2018-08-16T21:43:06Z

@tomholub hi! Any news about this implementation?

tomholub · 2018-08-17T00:19:14Z

For my OpenPGP.js contributions, this is the first priority after #753 gets ironed out and merged. If things go well, you should see a pull request in 1-2 months.

tomholub · 2019-01-04T13:31:52Z

I may still get to this one day, but haven't even started yet. If someone wants to tackle this, please feel free.

tomholub · 2019-02-24T17:05:07Z

I'm overwhelmed & cannot do this soon enough.

On behalf of FlowCrypt I'm offering a $1,000 bounty for someone to address this in a PR. Conditions:

The PR solves the issue
The PR gets accepted by OpenPGP.js maintainers

Sample key (pass phrase FlowCrypt):

twiss · 2019-02-25T21:40:34Z

P.S. @tomholub I'll bow out from the bounty, since I'm one of the maintainers of this library, and the 15 line patch above doesn't really feel worthy of $1000 ^.^ I'd be grateful if you'd redirect it to another issue that you care about as well (only if you have one, of course), primarily in hopes of attracting new contributors - for that purpose, it might also help if you post it to bountysource as well. Which, I now see, already had a $25 bounty for this issue 🙃 https://www.bountysource.com/issues/4013557-feature-request-handle-export-secret-subkeys-keyrings-from-gpg

tomholub · 2019-02-28T18:53:47Z

Understood, thank you! I will redirect the bounty to other issues.

elijahpaul mentioned this issue Nov 21, 2014

[PGP] Signing email w/ signing subkey fails. RainLoop/rainloop-webmail#379

Closed

This was referenced Dec 10, 2016

GNU --export-secret-subkeys extension mailvelope/mailvelope#186

Open

Cannot sign emails with subkeys mailvelope/mailvelope#345

Open

yallara mentioned this issue Jan 31, 2017

Unkown s2k type mailvelope/mailvelope#460

Open

tomholub mentioned this issue Dec 29, 2017

cannot sign a message if primaryKey missing and using subkey: key not decrypted FlowCrypt/flowcrypt-browser#583

Closed

mahrud added Feature Compatibility Security labels Mar 19, 2018

twiss mentioned this issue Jan 4, 2019

support subkey-only keys (without primary key) #829

Closed

tomholub mentioned this issue Feb 11, 2019

import subkey-only keys FlowCrypt/flowcrypt-browser#1221

Closed

twiss mentioned this issue Feb 24, 2019

Support GNU export-secret-subkeys extension #865

Merged

twiss closed this as completed in #865 May 4, 2019

nagromc mentioned this issue May 13, 2019

Use OpenPGP smart card to decrypt and sign emails ProtonMail/WebClients#122

Closed

neurolit mentioned this issue May 29, 2019

Signing with encrypted subkeys (and without master key) doesn't work? mailvelope/mailvelope#199

Closed

tomholub mentioned this issue Aug 23, 2019

double check and test export-secret-subkeys GNU extension FlowCrypt/flowcrypt-browser#1972

Closed

altsalt mentioned this issue Jul 29, 2021

When loading PGP subkeys: Error parsing RSA key: Error: Invalid enum value. trustcrypto/OnlyKey-App#98

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Feature Request: Handle 'export-secret-subkeys' keyrings from GPG #251

Feature Request: Handle 'export-secret-subkeys' keyrings from GPG #251

AlanI-xx commented Aug 24, 2014

a1j commented Nov 4, 2015

x3rAx commented Nov 4, 2015

technobro commented Oct 12, 2016

kupa79 commented Dec 16, 2016

yallara commented Jan 31, 2017

4lan5 commented Feb 5, 2017

DaffyDuke commented May 9, 2017

scooterx3 commented Aug 8, 2017

comzeradd commented Dec 29, 2017

tomholub commented Dec 29, 2017

neurolit commented Aug 16, 2018

tomholub commented Aug 17, 2018

tomholub commented Jan 4, 2019

tomholub commented Feb 24, 2019

twiss commented Feb 25, 2019

tomholub commented Feb 28, 2019

Feature Request: Handle 'export-secret-subkeys' keyrings from GPG #251

Feature Request: Handle 'export-secret-subkeys' keyrings from GPG #251

Comments

AlanI-xx commented Aug 24, 2014

a1j commented Nov 4, 2015

x3rAx commented Nov 4, 2015

technobro commented Oct 12, 2016

kupa79 commented Dec 16, 2016

yallara commented Jan 31, 2017

4lan5 commented Feb 5, 2017

DaffyDuke commented May 9, 2017

scooterx3 commented Aug 8, 2017

comzeradd commented Dec 29, 2017

tomholub commented Dec 29, 2017

neurolit commented Aug 16, 2018

tomholub commented Aug 17, 2018

tomholub commented Jan 4, 2019

tomholub commented Feb 24, 2019

twiss commented Feb 25, 2019

tomholub commented Feb 28, 2019