[Top] [All Lists]

Re: [openpgp] Stripped Primary Secret Keys

2022-05-09 09:47:08
I'm sorry for being imprecise previously. I missed the fact that a Secret Key packet contains the public key material too.


Am 09.05.22 um 16:41 schrieb Paul Schaub:
Okay, maybe we are talking past another.

My proposal would be, to replace the primary Secret Key Packet (Tag 5) of the key with a Public Key Packet (Tag 6). So Transferable Secret Key with 2 subkeys would look something like this:

TSK = [ Public Key Packet (6), Secret Subkey Packet (7), Secret Subkey Packet (7) ]

Let me know what you think :)


Am 09.05.22 um 16:23 schrieb Werner Koch:
On Mon,  9 May 2022 12:28, Paul Schaub said:

Could you by the way elaborate on the reasons why you think it is not
possible to just omit the secret key packet? Clearly the specification
Because a secret key packet has different properties than a public key
packet.  Even if the real secret information has been stripped there is
still tye information that it is a secret key packet.

Parser stuff is not an issue and it is easy to use just one parser.

   is_secret = tag_is_for_secret_sub_key();
   if is_secret
      We have even taken care in rfc4880 to make it easy to parse keys with
unknown algorithms (depending on the protection mechanism due to
backward compatibility).



openpgp mailing list

openpgp mailing list

openpgp mailing list

<Prev in Thread] Current Thread [Next in Thread>