x/crypto/openpgp: Creating a signing subkey with an EmbeddedSignature doesn't seem possible

[paultag]

Please answer these questions before submitting your issue. Thanks!

What version of Go are you using (go version)?

go version go1.9.2 linux/amd64

Does this issue reproduce with the latest release?

Yes

What operating system and processor architecture are you using (go env)?

GOARCH="amd64"
GOBIN=""
GOEXE=""
GOHOSTARCH="amd64"
GOHOSTOS="linux"
GOOS="linux"
GOPATH="/home/paultag/go"
GORACE=""
GOROOT="/usr/lib/go-1.9"
GOTOOLDIR="/usr/lib/go-1.9/pkg/tool/linux_amd64"
GCCGO="/usr/bin/gccgo"
CC="gcc"
GOGCCFLAGS="-fPIC -m64 -pthread -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build824936553=/tmp/go-build -gno-record-gcc-switches"
CXX="g++"
CGO_ENABLED="1"
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"

What did you do?

When creating a signing subkey in Go, I created an EmbeddedSignature, but when I Serialize, it goes missing.

This strikes me as weird, since Serialize will output the Signature when it parses one coming in. This makes me think that it's dumping some sort of raw internal slice containing the packets it saw coming in.

Is it possible to create a signing subkey in go? I don't see anyone using this field outside of validation.

What did you expect to see?

A Signature subpacket in my signature

What did you see instead?

No cross signature.

[paultag]

(Sorry for not finishing the title; updated)

[paultag]

cc @kbsriram @agl - if either of you can do a quick triage on if it's user error (in which case, I'll open a PR with docs) or if this is a legit issue.

I tried taking a whack at fixing it, but the signature serialization is a bit .... tightly coupled with writing out a signature packet. It didn't seem clear on the right way to refactor it, so I'm going to have to give up on fixing it.

[syadav2015]

@paultag @agl Seems like EmbeddedSignatures (0x19: Primary Key Binding Signature from RFC4880 Section 5.2.1) are not currently supported. Taking a look at the code in addSubKey() in openpgp/keys.go:

if sig.SigType != packet.SigTypeSubkeyBinding && sig.SigType != packet.SigTypeSubkeyRevocation {
	return errors.StructuralError("subkey signature with wrong type")
}

Seems like only SigTypeSubkeyBinding (0x18) is supported. I am planning to take a shot at implementing this. Any poc code or notes/docs you could share regarding this would help me get a jumpstart on this issue.

[FiloSottile]

Per the accepted #44226 proposal and due to lack of maintenance, the golang.org/x/crypto/openpgp package is now frozen and deprecated. No new changes will be accepted except for security fixes. The package will not be removed.

If this is a security issue, please email security@golang.org and we will assess it and provide a fix.

If you're looking for alternatives, consider the crypto/ed25519 package for simple signatures, golang.org/x/mod/sumdb/note for inline signatures, or filippo.io/age for encryption. You can read a summary of OpenPGP issues and alternatives here.

If you are required to interoperate with OpenPGP systems and need a maintained package, we suggest considering one of multiple community forks of golang.org/x/crypto/openpgp. We don't endorse any specific one.