Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

x/crypto/openpgp: Cannot encrypt with ECDSA #30388

samuel-uniris opened this issue Feb 25, 2019 · 7 comments

x/crypto/openpgp: Cannot encrypt with ECDSA #30388

samuel-uniris opened this issue Feb 25, 2019 · 7 comments


Copy link

@samuel-uniris samuel-uniris commented Feb 25, 2019

What version of Go are you using (go version)?

$ go version
go version go1.11 darwin/amd64

Does this issue reproduce with the latest release?


What operating system and processor architecture are you using (go env)?

go env Output
$ go env
GOGCCFLAGS="-fPIC -m64 -pthread -fno-caret-diagnostics -Qunused-arguments -fmessage-length=0 -fdebug-prefix-map=/var/folders/nh/t0dtwkp10y972qpr3jck0wnw0000gn/T/go-build798446226=/tmp/go-build -gno-record-gcc-switches -fno-common"

What did you do?

I created a ECDSA key based on the crypto/elliptic package.
Then I used it with openpgp: packet.NewECDSAPrivateKey(time.Now(), key)
Then I created an entity

e := &openpgp.Entity{
	PrivateKey: pv,
	PrimaryKey: &pv.PublicKey,
	Identities: map[string]*openpgp.Identity{},
isPrimary := true
uid := packet.NewUserId("sam", "", "")
e.Identities[uid.Id] = &openpgp.Identity{
	Name:   uid.Id,
	UserId: uid,
	SelfSignature: &packet.Signature{
		CreationTime: time.Now(),
		PubKeyAlgo:   packet.PubKeyAlgoECDSA,
		IsPrimaryId:  &isPrimary,
		IssuerKeyId:  &e.PrimaryKey.KeyId,
		Hash:         crypto.SHA256,
e.Identities[uid.Id].SelfSignature.SignUserId(uid.Id, e.PrimaryKey, e.PrivateKey, nil)

Then I tried to encrypt using this entity

buf := new(bytes.Buffer)
res, err := openpgp.Encrypt(buf, []*openpgp.Entity{e}, nil, nil, nil)
if err != nil {

And I got this error: openpgp: unsupported feature: encrypting a key to public key of type 19

After searching in the codebase, I found that Encrypt call the method SerializeEncryptedKey which not handle ECDSA keys

switch pub.PubKeyAlgo {
	case PubKeyAlgoRSA, PubKeyAlgoRSAEncryptOnly:
		return serializeEncryptedKeyRSA(w, config.Random(), buf, pub.PublicKey.(*rsa.PublicKey), keyBlock)
	case PubKeyAlgoElGamal:
		return serializeEncryptedKeyElGamal(w, config.Random(), buf, pub.PublicKey.(*elgamal.PublicKey), keyBlock)
	case PubKeyAlgoDSA, PubKeyAlgoRSASignOnly:
		return errors.InvalidArgumentError("cannot encrypt to public key of type " + strconv.Itoa(int(pub.PubKeyAlgo)))

	return errors.UnsupportedError("encrypting a key to public key of type " + strconv.Itoa(int(pub.PubKeyAlgo)))
@gopherbot gopherbot added this to the Unreleased milestone Feb 25, 2019
Copy link

@bcmills bcmills commented Feb 25, 2019

CC @bradfitz @FiloSottile @agl for x/crypto/openpgp

(See also the lengthy discussion of the future of openpgp in #30141.)

Copy link

@antong antong commented Feb 25, 2019

DSA stands for Digital Signature Algorithm. You can only sign with it, not encrypt, if I don't misunderstand the issue.

Copy link

@samuel-uniris samuel-uniris commented Feb 25, 2019

We can make some encryption with ECC.
By example using gpg2 tool we can encrypt using an elliptic curve. So why the encrypt method of openpgp does not support?

Copy link

@antong antong commented Feb 26, 2019

@samuel-uniris , I don't think even gpg will accept a key such as the one you made in your example code. You can add code to write out the public key, import it in gpg and see what it says. It is true that there there are specifications for encrypting with ECC in OpenPGP (RFC6637). I'm no expert, but I couldn't find a way to do this with x/crypto/openpgp (see my attempt: #22015 (comment)).

Can you tell a bit more about what you are trying to achieve? Do you need to interoperate with PGP, or do you just need to encrypt messages or files within your application or system? In case you don't need to interoperate with PGP, there are more modern libraries that are much easier and safer to use. See for instance nacl/box or saltpack.

Copy link

@samuel-uniris samuel-uniris commented Feb 26, 2019

Actually I implemented an ECIES using ECDSA with x509 standard and wanted to do the same with OpenPGP standard . But maybe the lib is outdated or no Gpg2 compliant.

Copy link

@Merovius Merovius commented Feb 26, 2019

It might be interesting to have this. If I find the time, I might have a go. Though right now it's not quite clear how that works - AIUI the question of maintainership of x/crypto/openpgp isn't fully settled.

Copy link

@FiloSottile FiloSottile commented Mar 29, 2021

Per the accepted #44226 proposal and due to lack of maintenance, the package is now frozen and deprecated. No new changes will be accepted except for security fixes. The package will not be removed.

If this is a security issue, please email and we will assess it and provide a fix.

If you're looking for alternatives, consider the crypto/ed25519 package for simple signatures, for inline signatures, or for encryption. You can read a summary of OpenPGP issues and alternatives here.

If you are required to interoperate with OpenPGP systems and need a maintained package, we suggest considering one of multiple community forks of We don't endorse any specific one.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
6 participants