New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Feature Request: Handle 'export-secret-subkeys' keyrings from GPG #251
Comments
+1 This is major security feature. Some people only use subkeys and don't keep master key around. |
+1 |
1 similar comment
+1 |
+1 |
1 similar comment
+1 |
+1 |
2 similar comments
+1 |
+1 |
This also affects Rainloop. |
This is affecting us too for signatures. We may look into it in Q2 2018 if nobody else does. |
@tomholub hi! Any news about this implementation? |
For my OpenPGP.js contributions, this is the first priority after #753 gets ironed out and merged. If things go well, you should see a pull request in 1-2 months. |
I may still get to this one day, but haven't even started yet. If someone wants to tackle this, please feel free. |
I'm overwhelmed & cannot do this soon enough. On behalf of FlowCrypt I'm offering a $1,000 bounty for someone to address this in a PR. Conditions:
Sample key (pass phrase
|
P.S. @tomholub I'll bow out from the bounty, since I'm one of the maintainers of this library, and the 15 line patch above doesn't really feel worthy of $1000 ^.^ I'd be grateful if you'd redirect it to another issue that you care about as well (only if you have one, of course), primarily in hopes of attracting new contributors - for that purpose, it might also help if you post it to bountysource as well. Which, I now see, already had a $25 bounty for this issue 🙃 https://www.bountysource.com/issues/4013557-feature-request-handle-export-secret-subkeys-keyrings-from-gpg |
Understood, thank you! I will redirect the bounty to other issues. |
It would be awesome to see OpenPGP.js support GPG's extension to PGP whereby you remove the private key to the master key of a keyring.
I understand this is not formally part of the PGP standard, however it's a valuable security feature and appears to be growing in popularity.
Want to back this issue? Post a bounty on it! We accept bounties via Bountysource.
The text was updated successfully, but these errors were encountered: