Allow reading keys without User IDs

[wiktor-k]

I would like to use openpgp.reformatKey to fix User ID-less key but unfortunately openpgp.key.readArmored does the check early and throws if there are no User IDs:

export default function Key(packetlist) {
  // ... elided ...
  if (!this.keyPacket || !this.users.length) {
    throw new Error('Invalid key: need at least key and user ID packet'); // <--------- here ------
  }
}

I think it would be useful to move the check later, for example to key.getPrimaryUser() so that keys without users can be read, inspected and reformatted. A similar approach was used in #1017 where the check was moved to a later stage.

If this sounds good I can provide the PR, if not I'm happy to discuss alternative approaches :)

[twiss]

Hey 👋 Yes, I think this approach can make sense 👍 Since verifyPrimaryKey calls getPrimaryUser, most uses of the key would still require a User ID, so this shouldn't change the behavior too much. (In fact, getPrimaryUser already throws in this case.)

Also here, please make a PR to the v5 branch?

[wiktor-k]

Hey 👋

Hello again :)

Yes, I think this approach can make sense 👍

Thanks!

Since verifyPrimaryKey calls getPrimaryUser, most uses of the key would still require a User ID, so this shouldn't change the behavior too much.

Great, I'll see how the unit tests react to this change :)

Also here, please make a PR to the v5 branch?

Just out of curiosity what's the timeframe for releasing v5? I don't mind waiting a little just wonder if that's a matter of weeks or months :)

[twiss]

Hello again :)

🙃

Just out of curiosity what's the timeframe for releasing v5? I don't mind waiting a little just wonder if that's a matter of weeks or months :)

Unfortunately, probably more months. Ideally speaking, we would like to switch to ECC, AEAD and v5 keys by default in v5. However, AEAD and v5 keys still haven't been released in GPG, so we either have to wait for that, or release without that, neither of which are ideal.

[tomholub]

Since the usecase we have for this doesn't appear to be an urgent one, doing a PR into v5 as Daniel suggested is ok. Thanks for the feedback 👍

[drzraf]

Isn't possible to use a id-less key for encryption?

[wiktor-k]

@drzraf even though encryption subkey is used in the process the user preferences (e.g. which symmetric algorithms to use) are stored in User ID signatures. So in general UIDless keys shouldn't be used for encryption (of course there are edge cases like preferences in direct key signatures but this is rarely used).

[nwalfield]

@wiktor-k: It's correct that Preferences are stored on the addressed User ID's self signature (or the primary User ID, if the certificate is addressed by its key id or fingerprint), but the RFC is explicit that if the preferences are not found on the User ID, then the implementation should fallback to the direct key signature, from Section 2.3.3:

subpackets on the
direct-key signature apply to the entire key.

As such, it is safe to use a certificate without a User ID. Of course, for the certificate to be valid, it has to then have a direct key signature.

[wiktor-k]

Good point @nwalfield, thanks for clarifying! I guess @twiss would be open for a PR to better align OpenPGP.js with the spec in case you're happy to provide one @drzraf :)

[wiktor-k]

Closing the ticket as it already has been addressed in #1146.