proposal: x/crypto/openpgp: add support for more features

[syadav2015]

The current implementation of openpgp/crypto package does not allow the following operations on an openpgp.Entity object:

• Supporting embedded signature (0x19) for subkeys (x/crypto/openpgp: Creating a signing subkey with an EmbeddedSignature doesn't seem possible #23231 is logged for supporting this in openpgp.ReadEntity)
  • Proposal: Entity.AddSubKey will generate this signature if the subkey will be used for signing.
• Support for RevocationSignatures against Primary key (0x20) and subkeys (0x28)
  • Proposal: Add new methods Entity.RevokeKey() as well as SubKey.Revoke() to generate and store revocation signatures against the corresponding key.
• Support for certification revocation signature as defined in RFC4880 against an identity
  • Proposal: A new method Identity.RevokeSignature() method to generate and store the certificate revocation signature. Changes from https://go-review.googlesource.com/c/crypto/+/118995/ will be applicable seem to be relevant.
• Adding a new subkey to the an openpgp.Entity object
  • Proposal: Add a new API Entity.AddSubKey(canSign bool) which takes in a parameter to configure if the subkey can sign as well. The subkey generated in NewEntity() currently is an encrpt only key and new subkeys cannot be generated via the library for encryption.

P.S: I've noticed we have a lot of these functionalities are present in ReadEntity e.g supporting subkeys and revocation certificates, but there seems no way to do these operations in the library on an entity directly using the library. After going over #27889 and considering @FiloSottile's opinion to keep things simple here, it would be great if we could filter out the aforementioned proposals that we can keep in the openpgp package while the rest can be implemented in a separate package.

[rsc]

@bradfitz says if these are small, non-breaking API changes then go ahead and send them. Otherwise please explain the changes in more detail. Thanks.

[syadav2015]

@rsc, @bradfitz These are fairly small changes and do not break the existing API (rather adds new API Entity.AddSubKey(), Entity.RevokeKey(), Subkey.Revoke() and Identity.RevokeSignature()). A short explanation for the aforementioned API's is as follows:

1. Entity.AddSubKey(config *packet.Config, canSign bool): Generates a RSA/RSA keypair based on the config paramater. Generates a 0x18 signature (RFC 4880 Section 5.2.1) and a 0x19 signature (RFC 4880 Section 5.2.1) if the subkey supports signing. Essentially factoring out L564-L584 into a new method and adding 0x19 signature support.
2. Entity.RevokeKey(): Generates a 0x20 signature (RFC 4880 Section 5.2.1) and adds it to Entity.Revocations.
3. Subkey.Revoke(): Generates a 0x28 signature (RFC 4880 Section 5.2.1) and stores it in Subkey.Sig.

Please let me know if any further details/ design document is required.

[syadav2015]

@FiloSottile @bradfitz The code changes are pending review in https://go-review.googlesource.com/c/crypto/+/161817. The code changes are not API breaking and have breadth tests added for the newly introduced APIs. Please let me know if any more information is needed about the changes and I'll be happy to address any issues.

Thanks

[gopherbot]

Change https://golang.org/cl/161817 mentions this issue: openpgp: add RevokeKey, RevokeSubkey and AddSubkey methods to Entity

[syadav2015]

Hi everyone,

Changes in https://go-review.googlesource.com/c/crypto/+/161817 are pending reviews since April.

Since @bradfitz is on leave right now, who else would be the right person to review and potentially merge these changes?

[ALTree]

@syadav2015 The crypto/openpgp situation is... unfortunate. The bottom line is that the library is not-deprecated-but-also-somewhat-frozen and it doesn't have a maintainer in the Go team.

There's a lenghty discussion at #30141 (search for openpgp in that page). You should also read Filippo's message at https://groups.google.com/forum/#!topic/golang-openpgp/_P6AmeCmD9w

Maybe write/ping that mailing list for your proposal.

[syadav2015]

@ALTree Thanks for the input. I have added the proposal to the thread for now. Let's see how it goes :)

[FiloSottile]

Per the accepted #44226 proposal and due to lack of maintenance, the golang.org/x/crypto/openpgp package is now frozen and deprecated. No new changes will be accepted except for security fixes. The package will not be removed.

If this is a security issue, please email [email protected] and we will assess it and provide a fix.

If you're looking for alternatives, consider the crypto/ed25519 package for simple signatures, golang.org/x/mod/sumdb/note for inline signatures, or filippo.io/age for encryption. You can read a summary of OpenPGP issues and alternatives here.

If you are required to interoperate with OpenPGP systems and need a maintained package, we suggest considering one of multiple community forks of golang.org/x/crypto/openpgp. We don't endorse any specific one.