x/crypto/openpgp: unable to use signing subkeys
ameihm0912 opened this issue · comments
Appears an issue exists when trying to use signing subkeys, specifically this issue manifests itself when the master signing key is not present due to the way the openpgp library works.
The scenario here being:
- User's GPG keyring contains a subkey secret key used for signing, and the master is not present
- .migrc keyid indicates fingerprint of subkey
This will fail due to the way entities are read in the MIG PGP code, specifically:
Lines 44 to 54 in e058be3
The Entity type has a Subkeys component that is a list of subkeys associated with it. This is never read so it results in the fingerprint never being found.
If this code is modified, it is able to continue and subsequently fails in openpgp.ArmoredDetachSign(). The reason for this looks like it starts here:
There does not appear to be a way to indicate a subkey to ArmoredDetachSign(), and detachSign() simply uses the master private key associated with the passed in Entity.