hko-s
commented
1 month ago Right, subkey generation would be a good mid-level API to have, and should be easy enough to do. I'm happy to look into that, soon.
About subkey deletion, there are two different semantics one could want, when thinking about "getting rid of subkeys":
- signaling to others that this subkey should not be used anymore (e.g.: they should not send messages to me that are encrypted to that subkey)
- just not sending that subkey anymore, without signaling anything about it to correspondents
For 1, the subkey should be revoked (by issuing a new self-signature that sets the subkey metadata to "revoked"), and still sent to correspondents.
For 2, removing the subkey from the secret_subkeys field works. However, depending on the OpenPGP software of one's correspondent, it is expected that they still consider the "removed" subkey as existent and valid. Many OpenPGP libraries will continue to encrypt to a subkey that has been "removed" in this way, forever.
I want to generate a new encryption subkey for existing key.
But it seems subkey generation is only implemented in the function that generates a whole new secret key: https://github.com/rpgp/rpgp/blob/6e51094fbee39d3a33020d8e3a5ee74b5de03d2a/src/composed/key/builder.rs#L215-L248
Would be nice to factor it out to have a way to generate a new subkey.
As for subkey deletion, seems I can directly delete them from https://docs.rs/pgp/0.13.2/pgp/composed/signed_key/struct.SignedSecretKey.html because
secret_subkeysfield is public. For unsigned key these fields are however private, which seems inconsistent: https://docs.rs/pgp/0.13.2/pgp/composed/key/struct.SecretKey.html