singpolyma / openpgp-php

OpenPGP.php is a pure-PHP implementation of the OpenPGP Message Format (RFC 4880).
http://singpolyma.github.io/openpgp-php/
The Unlicense

Keygen example with subkeys #93

Closed jstanden closed 4 years ago

jstanden commented 4 years ago

It would be very useful to have a keygen example that creates the standard top-level key for signing and a subkey for encryption. There aren't any examples dealing with creating or editing subkeys.

I was able to modify the existing keygen example for multiple UIDs and corresponding signatures.

I tried to create a subkey by repeating the OpenPGP_SecretKeyPacket process and appending an OpenPGP_SecretSubkeyPacket with an OpenPGP_SignaturePacket (against the secret key and subpacket). I couldn't get the embedded 0x19 (cross) signature in the 0x18 signature to validate in GPG from the CLI.

I'm aware I can modify the keyflags in the 0x13 signature to 0x07 on the UIDs (per #40), and that's what I've been doing up to this point. However, I'd eventually like to generate a master key for an offline keyring, with detached subkeys for signing and encrypting.

We're automatically decrypting inbound mail in a web app, so we'd like to simplify rotating the encryption keys without unnecessarily exposing the master key. We can use gpg from the CLI in a pinch (or Keybase), but I'd rather not require thousands of clients to do that. We're looking at openpgp-php to get away from the ext/gnupg requirement.

As well, a small group of our enterprise clients are using PHP on Windows, where the gnupg extension isn't maintained. The last piece of the puzzle with openpgp-php is having a default keygen that uses the current best practices with subkeys.

jstanden commented 4 years ago

I figured this out. Pull request #94. This issue can be closed.