Re: openpgp + subkeys
From: Nikos Mavrogiannopoulos
Subject: Re: openpgp + subkeys
Date: Tue, 26 Feb 2008 22:24:23 +0200
User-agent: Thunderbird 2.0.0.6 (X11/20071022)

Simon Josefsson wrote:
> Nikos Mavrogiannopoulos <address@hidden> writes:
>
>> I've been working a bit lately on the openpgp support of gnutls. The planned
>> changes are:
>> 1. To handle subkeys
>> 2. To list/generate keyrings using certtool
>> 3. To list openpgp certificates/keys using certtool
>>
>> The first is partially completed. However I've come across a limitation of the
>> current protocol for openpgp keys (rfc5081). It seems currently there is no
>> way to indicate to the peer which subkey to use, thus always the primary key
>> has to be used.
>
> :-(

I've already issued a fixed rfc5081bis that is used in the released code
(devel).

> Is this a gnupg problem? I assume the OpenPGP spec allows it.
> I recall GnuPG asked me about authentication/encryption/etc keys when I
> used a smart card with GnuPG. So maybe it is possible. Ask on the
> gnupg list?

It seems I should...

>> On the development release I plan to implement a subkey negotiation - by
>> sending a keyid at the initial hello messages to indicate the (sub)key that
>> will be used during this handshake.
>
> This is finished now, right?

Indeed.

> Are there any recommendations from the openpgp spec? It seems the
> question of which subkey to use would come up for every openpgp
> implementation.

No, unfortunately not.

regards,
Nikos
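
An added illustration, not part of the original message and not GnuTLS code: how an endpoint could resolve a key ID announced in the hello messages to exactly one (sub)key of an OpenPGP certificate. The key ID derivation follows RFC 4880 for version 4 keys; the function names, the in-memory certificate layout and the dummy key material are assumptions made for this example.

```python
import hashlib
import struct

def v4_fingerprint(body: bytes) -> bytes:
    """RFC 4880 sec. 12.2: SHA-1 over 0x99, 2-octet length, key packet body.
    Subkey packets are hashed with the same 0x99 prefix."""
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).digest()

def key_id(body: bytes) -> bytes:
    """A v4 key ID is the low-order 64 bits of the fingerprint."""
    return v4_fingerprint(body)[-8:]

def packet_body(created: int, algo: int, material: bytes) -> bytes:
    """v4 public-key packet body: version, creation time, algorithm, key material."""
    return bytes([4]) + struct.pack(">I", created) + bytes([algo]) + material

def select_key(cert, announced_id=None):
    """cert is a list of (label, body), primary key first (assumed layout).
    No announced ID selects the primary key. An ID that matches nothing is an
    error: a silent fallback would let the peers disagree on the key in use."""
    if announced_id is None:
        return cert[0]
    if len(announced_id) != 8:
        raise ValueError("key ID must be 8 octets")
    matches = [k for k in cert if key_id(k[1]) == announced_id]
    if len(matches) != 1:
        raise LookupError("announced key ID does not identify exactly one key")
    return matches[0]

# Constructed sample certificate; the key material is dummy bytes, not real MPIs.
CERT = [
    ("primary", packet_body(1204000000, 17, b"\x00" * 32)),      # DSA
    ("auth-subkey", packet_body(1204000100, 1, b"\x01" * 32)),   # RSA
    ("enc-subkey", packet_body(1204000200, 16, b"\x02" * 32)),   # Elgamal
]

if __name__ == "__main__":
    wanted = key_id(CERT[1][1])
    print(wanted.hex().upper(), "->", select_key(CERT, wanted)[0])
```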