2022-05-07 07:01:20
Hey OpenPGP'ers,

I'm currently working on support for secret keys where the primary secret key has been stripped (e.g. because it was moved to a smart card).

As far as I understand, GnuPG is using a (proprietary?) stubbing mechanism to mark stripped secret keys.

My initial impression was that it should be legal to just remove the secret-key packet without replacing it with a stub packet; however, now when parsing the secret key, Bouncy Castle is complaining that the secret key stream doesn't start with a secret key tag (since now the first packet in the stream is the primary public key packet).

Is this behavior expected? Or should implementations be able to deal with arbitrary combinations of public and secret keys?


