ietf-openpgp

Re: [openpgp] Combining signature with signer's public key

2020-12-11 02:35:47
Hi Kai,

On Fri, 11 Dec 2020 08:21:26 +0100,
Wiktor Kwapisiewicz wrote:
> On 10.12.2020 22:38, Kai Engert wrote:
> > Is it possible to include the sender's own public key as part of a
> > detached OpenPGP signature?
>
> You may be interested in the Key Block signature subpacket as detailed
> in here:
>
> https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-10#section-5.2.3.31

Storing the certificate in a subpacket area of the signature, as
Wiktor points out, is reasonable.

The subpacket that Wiktor references, however, was added to 4880bis
without any discussion on this mailing list, as far as I am aware
(please correct me if I am wrong).  As such, I would recommend that
you instead use a notation.  If, at a later point, this subpacket or a
similar one is indeed standardized, it is straightforward enough to
adapt your implementation.

You could actually store the subpacket or notation in the unhashed
subpacket area since the content is self authenticating (you can check
that the certificate is valid by checking the signature).

One thing to be aware of: the subpacket areas can only hold 64kb of
data.  So, you really should minimize the certificate.

:) Neal
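
The following added example, which is not from this thread or from any OpenPGP implementation, packs a certificate into a Notation Data subpacket using the RFC 4880 encodings, enforces the 65535-octet limit that a subpacket area's two-octet length field imposes, and reads the value back out. The notation name `cert@example.org` and the sample certificate bytes are assumptions; a receiver must still validate the extracted certificate and check the signature against it, which this code does not do.

```python
import struct

NOTATION_DATA = 20   # Notation Data subpacket type (RFC 4880, 5.2.3.16)
AREA_MAX = 0xFFFF    # a v4 subpacket area is prefixed by a 2-octet length
NAME = "cert@example.org"            # hypothetical notation name
SAMPLE_CERT = bytes(range(256)) * 8  # constructed stand-in for a minimized cert

def subpacket_length(n):
    """Encode a subpacket length (type octet + body), RFC 4880, 5.2.3.1."""
    if n < 192:
        return bytes([n])
    if n < 8384:
        return bytes([((n - 192) >> 8) + 192, (n - 192) & 0xFF])
    return b"\xff" + struct.pack(">I", n)

def notation_subpacket(name, value):
    """Build a Notation Data subpacket carrying a binary value."""
    raw = name.encode("utf-8")
    if len(raw) > 0xFFFF or len(value) > 0xFFFF:
        raise ValueError("name and value lengths are 2-octet fields")
    # Four zero flag octets: the value is binary, not human-readable text.
    body = bytes(4) + struct.pack(">HH", len(raw), len(value)) + raw + value
    return subpacket_length(1 + len(body)) + bytes([NOTATION_DATA]) + body

def unhashed_area(subpackets):
    """Join subpackets into an area and enforce the limit on its size."""
    area = b"".join(subpackets)
    if len(area) > AREA_MAX:
        raise ValueError(f"area is {len(area)} octets, limit is {AREA_MAX}")
    return struct.pack(">H", len(area)) + area

def find_notation(area, name):
    """Return the value of the first notation called `name`, or None."""
    data, pos = area[2:2 + struct.unpack(">H", area[:2])[0]], 0
    while pos < len(data):
        first = data[pos]
        if first < 192:
            n, pos = first, pos + 1
        elif first < 255:
            n, pos = ((first - 192) << 8) + data[pos + 1] + 192, pos + 2
        else:
            n, pos = struct.unpack(">I", data[pos + 1:pos + 5])[0], pos + 5
        sub, pos = data[pos:pos + n], pos + n
        if n < 1 or len(sub) != n:
            raise ValueError("malformed subpacket")
        if sub[0] & 0x7F == NOTATION_DATA:   # mask off the critical bit
            nlen, vlen = struct.unpack(">HH", sub[5:9])
            if sub[9:9 + nlen] == name.encode("utf-8"):
                return sub[9 + nlen:9 + nlen + vlen]
    return None
```

A notation value of 65535 octets passes the per-field check but is rejected by `unhashed_area`, because the subpacket header and name push the area over its own limit.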
