x/crypto/openpgp: new entities cannot be encrypted to by default #12153
Comments
|
I opened a patch with one solution for this here: https://go-review.googlesource.com/#/c/23209/ but unsure if it's too opinionated |
|
CL https://golang.org/cl/23209 mentions this issue. |
|
Has this issue been resolved? |
|
Not yet On Friday, July 1, 2016, ProtoFly [email protected] wrote:
Jessie Frazelle |
|
My -sort of- fix was to use Alas, still unsuccessful, as the code then generates: Digging further (and showing my ignorance, most likely), the culprit is that this public key I am using is a DSA key, not RSA. Perhaps not germane to this issue, but the error might be more useful if it indicated that DSA keys cannot be used for encryption, only signing. As an aside, I'm new to Go, and your examples are very helpful jfrazelle. Thank you. (Adding more - forgive if this isn't the right place): I've discovered that DSA keys -usually- have ElGamal sub keys, which can be used for encryption. However, the default 'Encrypt' won't work unless you promote the ElGamal sub key up to the top, and then it works. Would a reasonable feature request be that if the DSA key is used AND it has an ElGamal sub key, that the Encrypt should attempt to use that, rather than return 'Cannot encrypt...type 17'? |
Say the user wants to create a NewEntity, then Serialize the private and public keys. Then call Encrypt. The Hash used first for Encrypt will be `RIPEMD160`, which is not compiled in by default. So say they _specifically_ pass crypto.SHA256 as the Default hash to NewEntity, this should set the PreferredHash in the SelfSignature so they can be encrypted with that hash. Related to golang/go#12153 Change-Id: I3d89f9d60f9abb29ec8365f81da38b8cd0594587 Reviewed-on: https://go-review.googlesource.com/23209 Reviewed-by: Adam Langley <[email protected]>
|
Hello @jessfraz, I see that your CL was merged in September 2016, does this mean that this issue is then resolved? |
|
Yes
…On Sat, Feb 18, 2017, 02:26 Emmanuel T Odeke ***@***.***> wrote:
Hello @jessfraz <https://github.com/jessfraz>, I see that your CL was
merged in September 2016, does this mean that this issue is then resolved?
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#12153 (comment)>, or mute
the thread
<https://github.com/notifications/unsubscribe-auth/ABYNbNYKMzAGcODUL-LQVVMlQ6PWsVIdks5rdp0RgaJpZM4FsAME>
.
|
The key returned by
openpgp.NewEntity(https://godoc.org/golang.org/x/crypto/openpgp#NewEntity) does not express hash algorithm preferences, and by defaultopenpgp.Encrypt(and perhaps others) default to using theRIPEMD160algorithm (https://github.com/golang/crypto/blob/173ce04bfaf66c7bb0fa9d5c0bfd93e773909dbd/openpgp/write.go#L205), which is not compiled in unless one explicitly requests it. This means that the "obvious" way to generate keys and encrypt to them fails with the largely-inscrutible error messageopenpgp: invalid argument: cannot encrypt because no candidate hash functions are compiled in. (Wanted RIPEMD160 in this case.)There are more than a few ways around this (populating
PreferredHashbeing one obvious option, and defaulting to e.g., SHA-256 being another), but this seems like an awfully sharp edge to leave lying around.The text was updated successfully, but these errors were encountered: