Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
Crypt::OpenPGP does not use encryption subkey, ignores key usage #9
Crypt::OpenPGP does not use an encryption subkey if available and uses the primary (sign-only) key for encryption. This is unfortunate for those of us using the subkey mechanism to store the primary key offline; a Crypt::OpenPGP will consequently encrypt to a private key not available.
I found out about this while trying to use the secure e-mail mechanism of Bugzilla (Mozilla's own instance). An independent bugreport was filed earlier . A workaround consists of manually splitting public keys, but this is tedious and error-prone.
Is there any chance support for key usage could be implemented?
For what it's worth, I think this bug stems from these lines:
which map the key usage to the whether or not the key should be used according to subroutines like
Since it appears that the Mozillians are too nice to say anything about it, this bug is blocking Mozilla bug 790487, which is causing the email report mechanism for security-critical bugs at Mozilla to not function correctly. Since I'm not a Mozillian, I don't mind pointing being the asshole who points out that you're fucking their shit up.