-
Notifications
You must be signed in to change notification settings - Fork 101
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Parse signature subpacket type 4 (exportable cert flag) #200
Conversation
Subpacket 0x04 is "Exportable", while RFC 4880 5.2.3.12 describes 0x07 "Revocable". There is no "Recoverable" subpacket. |
Hey @andrewgdotcom, sorry for the confusion. Indeed, I am not used to reading RFC's. I changed the naming to "Exportable". Let me know, if that is okay now! |
Hi 👋 Thanks for the PR! However, two comments, one low-level and one high-level: First, this PR only implements parsing, not serialization of the subpacket, so if you set Then, the spec talks about removing certifications with |
@twiss A library should be able to CRUD such "user intent" subpackets. Beyond that I think it's entirely an application issue. |
@twiss Subpacket types 23, 24 and 31 are also conspicuously missing. It would be nice to also have these, particularly for future keyserver work but also because it should be safe in general to parse e.g. a sig with a critical "keyserver preferences" subpacket (if someone was crazy enough to do that). I'd be happy to help out with that. (On the other hand, lack of support for type 7 is a welcome unfeature, see https://gitlab.com/dkg/openpgp-revocation/-/issues/5 😄) |
I think it's a bit unfortunate that, to comply with the spec, the application will have to manually go through the certifications, check this flag, and remove them if it's present and false (when relevant). Perhaps we could make some kind of helper functions for importing and exporting keys, here or in GopenPGP. This PR is also technically speaking a breaking change in the sense that, currently, we reject keys with unexportable certificates, which at least indicates that there's some issue. But I guess even if we add a high-level API that breaking change in the low-level API isn't really avoidable, so maybe it's OK.
Sounds good :) |
An alternative for this MR is to provide functionality for parsing the subpacket and throw an error in case the flag is set to |
Yeah, that could work. I guess we might then eventually also want a config option saying whether we should accept or ignore unexportable signatures. As an aside, coming back to the original case, I'm actually a bit confused why someone would create a critical subpacket marking the signature as exportable (which is the default anyway, so it shouldn't really be critical to explicitly say so). Do you happen to know what software generated this key? |
Yeah, I agree, it does make much sense to explicitly mark the signature certs as exportable. This key came from a 3rd party source, so unfortunately I do not know how it was generated. I will make the changes to just parse the subpacket then, and throw an error if its |
Hey @twiss, any updates on merging this PR? |
Hey 👋 Apologies for the long delay. |
Makes sense, I removed the property from the signature all-together. Basically, now we can just parse the subpacket - if its set to |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
👍 Thanks!
Recently I had to parse a PGP key with a signature that contained a critical subpacket of type 4.
Similarly to #138 and #139, this PR:
UnsupportedError
for non-exportable signatures (subpacket has the valuefalse
). This is done to avoid introducing a breaking change as extra work needs to be done to support this.Data used for test case: