openpgp + subkeys

Nikos Mavrogiannopoulos nmav at
Tue Feb 26 21:24:23 CET 2008

Simon Josefsson wrote:
> Nikos Mavrogiannopoulos <nmav at> writes:
>> I've been working a bit lately on the openpgp support of gnutls. The planned 
>> changes are:
>> 1. To handle subkeys
>> 2. To list/generate keyrings using certtool
>> 3. To list openpgp certificates/keys using certtool
>> The first is partially completed. However I've come across a limitation of the 
>> current protocol for openpgp keys (rfc5081). It seems currently there is no 
>> way to indicate to the peer which subkey to use, thus always the primary key 
>> has to be used.
> :-(

I've already issued a fixed rfc5081bis that is used in the released code 

> Is this a gnupg problem?  I assume the OpenPGP spec allows it.
> I recall GnuPG asked me about authentication/encryption/etc keys when I
> used a smart card with GnuPG.  So maybe it is possible.  Ask on the
> gnupg list?

I seems I should...

>> On the development release I plan to implement a subkey negotiation -by 
>> sending a keyid at the initial hello messages to indicate the (sub)key that 
>> will be used during this handshake. 
> This is finished now, right?


> Is there any recommendations from the openpgp spec?  It seems the
> question of which subkey to use would come up for every openpgp
> implementation.

No unfortunately not.


More information about the Gnutls-devel mailing list