openpgp + subkeys
Nikos Mavrogiannopoulos
nmav at gnutls.org
Tue Feb 26 21:24:23 CET 2008
Simon Josefsson wrote:
> Nikos Mavrogiannopoulos <nmav at gnutls.org> writes:
>
>> I've been working a bit lately on the openpgp support of gnutls. The planned
>> changes are:
>> 1. To handle subkeys
>> 2. To list/generate keyrings using certtool
>> 3. To list openpgp certificates/keys using certtool
>>
>> The first is partially completed. However I've come across a limitation of the
>> current protocol for openpgp keys (rfc5081). It seems currently there is no
>> way to indicate to the peer which subkey to use, thus always the primary key
>> has to be used.
>
> :-(
I've already issued a fixed rfc5081bis that is used in the released code
(devel).
> Is this a gnupg problem? I assume the OpenPGP spec allows it.
> I recall GnuPG asked me about authentication/encryption/etc keys when I
> used a smart card with GnuPG. So maybe it is possible. Ask on the
> gnupg list?
It seems I should...
>> On the development release I plan to implement a subkey negotiation - by
>> sending a keyid at the initial hello messages to indicate the (sub)key that
>> will be used during this handshake.
> This is finished now, right?
indeed.
> Are there any recommendations from the openpgp spec? It seems the
> question of which subkey to use would come up for every openpgp
> implementation.
No unfortunately not.
regards,
Nikos