Hey OpenPGP'ers,
I'm currently working on support for secret keys where the primary
secret key has been stripped (e.g. because it was moved to a smart card).
As far as I understand, GnuPG is using a (proprietary?) stubbing
mechanism to mark stripped secret keys.
My initial impression was, that it should be legal to just remove the
secret-key packet without replacing it with a stub packet, however now
when parsing the secret key, Bouncy Castle is complaining that the
secret key stream doesn't start with a secret key tag (since now the
first packet in the stream is the primary public key packet).
Is this behavior expected? Or should implementations be able to deal
with arbitrary combinations of public and secret keys?
Paul
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp