x/crypto/openpgp: Better support for signing subkeys #41618
Comments
/cc @FiloSottile
@taralx I had added support for subkey signatures along with revocation support for keys and subkeys in https://go-review.googlesource.com/c/crypto/+/161817, however lack of any reviews or response from upstream devs for crypto/openpgp package (see this discussion for reference) led me to submit my changes to protonmail's crypto package fork and update my project to use their fork.
Per the accepted #44226 proposal and due to lack of maintenance, the golang.org/x/crypto/openpgp package is now frozen and deprecated. No new changes will be accepted except for security fixes. The package will not be removed. If this is a security issue, please email security@golang.org and we will assess it and provide a fix. If you're looking for alternatives, consider the crypto/ed25519 package for simple signatures, golang.org/x/mod/sumdb/note for inline signatures, or filippo.io/age for encryption. You can read a summary of OpenPGP issues and alternatives here. If you are required to interoperate with OpenPGP systems and need a maintained package, we suggest considering one of multiple community forks of golang.org/x/crypto/openpgp. We don't endorse any specific one. Thank you!
Support already exists for reading and verifying signing subkeys, but not creating or writing them. Proposed changes:
Currently embedded signatures will not serialize if the signature is generated/re-generated. This adds that functionality and introduces a Signature.SerializeRaw method that writes the signature without the packet wrapper.
Signing subkeys require a cross-signature, which is computed on the same hash as the subkey binding signature. This introduces a Signature.CrossSignKey method that can be used to generate these cross-signatures.
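The hash input that a cross-signature (type 0x19) shares with the subkey binding signature (type 0x18), laid out per RFC 4880 section 5.2.4. This is an added example, not code from the issue or from x/crypto/openpgp; the function names are hypothetical and the key bodies and subpacket are constructed placeholders.

```go
package main

import (
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// Signature types from RFC 4880, section 5.2.1.
const (
	sigSubkeyBinding  = 0x18 // issued by the primary key
	sigPrimaryBinding = 0x19 // cross-signature, issued by the signing subkey
)

// keyPrefix frames a public-key packet body as key signatures hash it
// (RFC 4880, section 5.2.4): 0x99, two-octet big-endian length, body.
func keyPrefix(body []byte) []byte {
	out := []byte{0x99, 0, 0}
	binary.BigEndian.PutUint16(out[1:], uint16(len(body)))
	return append(out, body...)
}

// bindingPreimage returns the bytes a V4 binding signature hashes: primary
// key, subkey, then the signature's own hashed fields and trailer.
func bindingPreimage(primary, subkey []byte, sigType, pubAlgo, hashAlgo byte, subpackets []byte) []byte {
	data := append(keyPrefix(primary), keyPrefix(subkey)...)
	hashed := []byte{4, sigType, pubAlgo, hashAlgo, 0, 0}
	binary.BigEndian.PutUint16(hashed[4:], uint16(len(subpackets)))
	hashed = append(hashed, subpackets...)
	trailer := []byte{4, 0xff, 0, 0, 0, 0}
	binary.BigEndian.PutUint32(trailer[2:], uint32(len(hashed)))
	return append(append(data, hashed...), trailer...)
}

func main() {
	// Constructed placeholders, not real key material.
	primary := []byte("constructed-primary-key-body")
	subkey := []byte("constructed-signing-subkey-body")
	created := []byte{5, 2, 0x5f, 0x70, 0, 0} // creation-time subpacket
	for _, t := range []byte{sigSubkeyBinding, sigPrimaryBinding} {
		pre := bindingPreimage(primary, subkey, t, 1, 8, created) // RSA, SHA-256
		fmt.Printf("type 0x%02x digest %x\n", t, sha256.Sum256(pre))
	}
}
```

Both signature types hash the same framed primary key and subkey; only the signature's own hashed fields (here the type octet) differ. The primary key signs the 0x18 digest and the signing subkey signs the 0x19 digest.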