ProtonMail / gopenpgp

A high-level OpenPGP library
https://gopenpgp.org
MIT License
1.06k stars 117 forks source link

Cannot specify subkey when signing #287

Open nf-brentsaner opened 4 months ago

nf-brentsaner commented 4 months ago

I have a private key with both an ED25519 (256-bit EdDSA, that is) subkey and a 4096-bit RSA subkey.

I see no possible way to specify signing with the ED25519 key, the library just ~takes the first subkey capable of signing~ uses the RSA subkey (it seems even if the ED25519 subkey is the first subkey, it still occurs).

How can I specify an explicit subkey to use with a PGPHandle/PGPSign?

nf-brentsaner commented 4 months ago

To reproduce, feel free to use this example test key:

-----BEGIN PGP PRIVATE KEY BLOCK-----

lFgEZo+swhYJKwYBBAHaRw8BAQdAXI1L5Jw+YgFdZklh9SbEN9hFXtF5a0Rq9dzJ
qxIQaJwAAP47TpAuq8FE9Su0D7PngSes2cCp5WQ6coI3X4Fpz8eDXBF0tC1UZXN0
aW5nIEtleSAoVGVzdCBDb21tZW50KSA8dGVzdEBleGFtcGxlLmNvbT6IkwQTFgoA
OxYhBGFIuNpZZVURV6rMzjC+1sWu+T3iBQJmj6zCAhsDBQsJCAcCAiICBhUKCQgL
AgQWAgMBAh4HAheAAAoJEDC+1sWu+T3iHWgBAMYY34j83NNQ2i/BhuiNizvljvzy
/glnLZyi+gdg2SEDAP9xVsuPVxUZnmErDGBc2gWNYeuY8SBTSOlAYr6RwWaUBJxd
BGaPrMISCisGAQQBl1UBBQEBB0BuikD6c21S4Nj/DqLe2Bjx3iIKFBl1jmC3zNBB
6kPvbQMBCAcAAP9ORnbLuWJihvT0sCVNrtlHyR+dyFVBVfUJziyKhxap0BF/iHgE
GBYKACAWIQRhSLjaWWVVEVeqzM4wvtbFrvk94gUCZo+swgIbDAAKCRAwvtbFrvk9
4iCVAQDql8EXYbK9H6xENpNpGWrYy0KSRBZyc2AIO5sSwLj52wD+PQ13ullQbtT7
DWczRC6ztnPvzne+GxmEqyy3KoM3XQadBxgEZo+s4AEQAJ3hHjF/r0R719oyGIp/
Jmby5+9v9UYGo3YwLRRluMo3rPF1YBvMWOx1eNlIAHcGp3A9ATP+SVfLsJt9Wj1P
6NVFyGzXEeUhIhJNvdLEIzDgT4YXlwcFa9DPLrNVmovy78P+NkgZwcc34046fD/c
tLpbX4j4bic3cEQOeZ3S7GdZPT3IsH9rtjLR2gO5N0DF3Pp2hGH2RSg6mnZVtDmo
oftmNeIX97qobgPr8SWh4JuDu/GPFB5lDo1DpFOP1LUoE7lZ7l55qKm65o1sSa1Q
JLKeRiGoOzzmlzHTzJXRNoZOmR7hNrr+SmQ0GLVBKPQ6/hqRJx5dJT0gtl75RpzA
weKIt3u06WoZf8B+eC5cMhJg3Lk0tH3uwZeysNNaKkMVHkWglmHFR0tZfEwpCAPf
vOw5JdZhHQ1SRTVhWu6caBCuvw1GGm6OoVDNpeeZkoLxI1K8bLiECeFHIMkGeEKS
omsnuM3zqKCONKcTi5nh9OQhgr0lNboWF2MWyFTidZ9twT1m+cuu9gOrW7G3n4Hl
+bhyjNvx7qk+18W9Ol68l/IAtoybJ8ZL7thxj6vMq6Rw3wYJgRGR+xVKWJmYLBRn
9POmFP8HUE5APZD9URZovn79AdNdWNd2pvmr53/xOLOzUqxnHnAMpg7aBXSqGBKk
B48N+hwr9y0GTB07ZREWv3j/ABEBAAEAD/9GLjZ6QWybUEPk+gTft+LNu6evT4Dj
1nqeRI8ddJRey74Efa0x3jYfMp78U13lix8uLOgWgTCAJwsEK4ZMH/P7rjAIddg+
Furq4QUDJm4QQX4IOP9JPzcslJSJYoG3OVAsuxnNFioGEUlpUmU+DDGIb6q5m9l3
dFTi495a8lJlJI2tI8OVeL9+ursjkZdGo032Rm3VkCAw4FAeTz20rcoHk2lbblUQ
c+OnuZ+yH1HVP4txtyz1z+1WjV2ESbj/qGeQKrJj68e2X18yOZNMyAXwIpxBROPE
UCqgmypj5KLMtC6rw+hM2lIeVewv0l3Op1SiYajWfghaMmrvL/ccIjFs+49xy261
4wR3Yz9oieaiWPnhhpmSa034sO0RVWrQ3SmXtyiVp9O7zFAYMI9zHNOpmw896gnu
fMgVzeCFdYcfVkoJlfUHL011EDQY7cEVv/j7FLxIBweakQ79Tp0ddqNLvTQ/LHk4
B31dMBBUWvQQENtoa+9uFW8Z61vLz7BvYZYu5kizPZghzUkinkZz5A4wDlgIwaBH
+GB5H8xx7H4cqjdWMxIUjoxzm8O7h/F0eOl95IZq/1DHbrdv0GJolpz7FttZ6vTX
fUO9/w++UEkpeiyyE9iH1TIOSUOq4O9rX7vsE3ZTg02SxX9TgPf1Qb/zgQrbacnT
ngsxBZgw2mwRKQgAwtSQVMshAvtgOaiJGwACrWIgEs2bl7NtWK4ogAGXljWpBMFJ
/7IjM1tisRgLbd3bL1SYa82ETUDWzNSBSUu38OA34lZEhY9othvMvTYiF+FZ7mNo
hWRr394oJBfLrtyoTVkuZW2aXob6PpOWdd+o9Ph3X5iJTwz845r6Bd9RAvFObz44
578kwBJndl56s/WEao36Ktt9g0L8r+4JSUKu079IZfr1X2mmDjxPuyS4deps2BUH
UrxB0BeZXppFO2bVnz1U/bGt1WLnuBgei9pROB4nkAv+7dgJaP8tm46aLiE1itBk
Mt7Ai9fXNVeAAgCRpQGD2p83uRHYXIL4CL+TuQgAz3KhZSYpHySsQ9rmU8rqpvxM
/C0zd32gFQo6COk+ff7Ata6xgj/4ZukV21ySqXHwu9kHJgZzLBJ7OADzo+N2XWqP
LZqZL0/GlqO5OZGu0I99Y0Ut0VCvc6VKY33GM/JhZD1gE93PuEnx5/wS6XZ6Jlzf
y4v+TJzIGMF/FoeB9bJ15Qp7/EGlJHU5Q+KeaxXy0KNtAj6otM570RhHimHXGbis
nLBIqQ8fgHvWHHnvSRkaZ0Oqe+F1F3v5HO8KMdX2Kxh0udPSZR9pbVAnq6+wadG4
dbuABD33yzSYZn1h0UxxgpGENgl+AMKP5hsqNcFmYoN2lx0dLQF5qb1C6sM+dwgA
qtNVp5+V5N+k22kPVjqf+wMjOOvy1X/GEZJM7LPGa7FS4xsXKYvaaeQ5rpWD8Ami
idb+EbGnJF22UQlpllW9fqT0Mhwamzh8geuL0FhJZYGexuSRIN8kwq2D6iQZ6fGZ
x+BxZaA1v04adpjQJh0lOr8L/ehazUDBK1WOGLcMrxBA0UXgOoWvKg1+ff+WjI36
5oCqJIRw61fgvZSTk5d9Ce3zGEKJ9qbcMzoUDoOwe9UvW6K5p/QYF0mLo03YZPWx
fcHu7YgQPvXsWqQX6A2Xtax/qbfWkDwpVCSvTdqPp2We3wyj+LpgdV6XSSfqzHPS
334xFznUbsvsXnyVPBd8oXo+iQKbBBgWCgAhFiEEYUi42lllVRFXqszOML7Wxa75
PeIFAmaPrOADGw4EAizBaiAEGQEIAB0WIQTvVw1nMsOz3JJYnfgXe/JH1tvjPQUC
Zo+s4AAAU+cP/1/Xz/2Qh6s+naIK/CF2/1wu3+7mLf7xI7E67fjf+rvRGNxOIHJp
eepO/xe7ME2Jz7gasy8fk1Zo60CLM9efaf4XYx+nt3IvfJsASKInZxb2uFsL2wnf
ypLT2NVpClydRBoGIK7tjK4L3OAL18iTAljNvkyl7kwkog7J2kdP9Rrq2RYM5CSL
qSczJ9Z8x/qVM5S6+J9+gdpWeG0gzVfAZrffXyEU/xTdsbKTI7LSR204RFYwncco
au0oaaD52n2ooZr+FORBymu6d1cEiAjwoj3gjd+seAQgRqFxonJUNs3oB9Yagf8Z
qAalXOq/8XcvkrNCShfk8Rp6pI9gWdFZEKRkQf1WJIKxpt10J0D0tdO5XPwjRoYQ
8ciTrImlTEVyleg8JyYIUCGBjD5NO6AyBw4Pl1aLScGNTKwqufycr3+tqiB2qOci
NFwu8pXH3N8QHTm7e/u7r+mG84bduM/KMYz2LgTdtLfDW0hWEJBvZgNjjRwpsfyr
G0EIhl8w/ymVGyc1G463mo+7aXIaWD9bU/HlHWMMg2lcsVPbxqTAzz5PJWsA1xBS
EjmDncLPN0ZSS5m2UIN8tRwRncAz54C2tlqDgWwfSZH16KDHZjirufG9WX0k+SbY
71vvEBMs82nI62rxptiBgAdg698+HxQY7nhHIASnxuZL3VAlu2+YDgAwXIUBAJkp
Iedldlr2LVzgn5Wp3FvuRXMPf/w4I61X+Pnj3BbZAQDSi6G5j+uO/+I36Lwthpbc
P6T+rhZnTCrz6jyw3fwwDw==
=Bar9
-----END PGP PRIVATE KEY BLOCK-----

This can be done via the CLI with:

gpg --detach-sign --sign-with 30BED6C5AEF93DE2! ...  # ED25519 subkey
gpg --detach-sign --sign-with 177BF247D6DBE33D! ...  # RSA4096 subkey
lubux commented 4 months ago

Hi 👋

GopenPGP currently does not support the specific selection of signing sub-keys and relies on the automatic selection process of the underlying forked go-crypto library. Nevertheless, go-crypto does support this feature via the config.

If you need this feature, I would suggest to either use the lower-level library or create a pull request for GopenPGP.

nf-brentsaner commented 4 months ago

🤦🏻 Skipped right over that. I must have looked at packet.Config at least half a dozen times and it never mentally parsed. Thanks!