ietf-openpgp

Re: V3 secret keys

2006-02-06 19:15:41

Daniel Nagy writes:
I sincerely hope that this whole mess will be cleaned up with V5, where
there seems to be a consensus not to implement encrypted private key packets
at all, but put unencrypted private key packets into integrity protected
symmetrically encrypted packets instead.

I haven't participated in the recent discussion, partly because I think
it is a little premature until we get the current spec put to bed.

I am not sure I like this idea.  We'll need to retain the old mechanism
for many years at least, requiring us to support yet another set of
incompatible mechanisms.  And I don't know if the new proposal really
simplifies things much.

Complications have been pointed out regarding sending multiple keys
encrypted with different passphrases, requiring us to explicitly support
multiply-concatenated symmetric-encryption & SKESK packets, which is
not necessary at present.  It might require us to bite the bullet and
clarify exactly what sequences of packets are legal, with possible
backwards-compatibility problems.

It would also seem to require that we store the keys in this new format,
otherwise we have to ask the user for every passphrase when we import a
bunch of keys like this, in order to decrypt the symmetric packets and
convert them to the legacy format.  So it has negative implications for
existing implementations.

These may not be total show-stoppers but I do want to go on record as
not being ready to endorse this proposal yet.

Hal Finney
