[Autocrypt] How to create the "raw key" part from an RSA key

[Daniel Kahn Gillmor]

Hi Bjoern--

On Fri 2017-05-19 15:26:06 +0200, Bjoern wrote:
> So, i Delta Chat can create the two keypairs now.

yay!

> Can anyone please check if the key examples below meet the
> requirements of Autocrypt?

i just reviewed the public key -- i'll review the private key later :)

a few comments:

 * your primary key is marked as encryption-capable (it has "sign" and
   "encrypt-comms" flags).  This is generally not a best practice.
   primary keys should have "sign" and "certify" flags, but not
   encryption-capable.

 * the subkey should have "encrypt-comms" and "encrypt-storage" flags
   (yours currently has "sign" and "encrypt-comms").

 * your subkey binding signature contains preferred symmetric, hash, and
   compression subpackets, as well as the features subpacket.  Those are
   usually only placed in the self-sig over the user ID, not in the
   subkey binding packet.

 * your ordering of preferred hash algorithms should be hardened -- it
   looks like you prefer SHA1 before SHA384, SHA512, and SHA224.  No one
   should prefer SHA1 over anything from the SHA2 family.

 * I was unable to validate your subkey binding signature!  i was able
   to validate the selfsig over the uid, though, so one of the sigs is
   correct.

 * (nitpick) why do you have this Version: header in the armor?  modern
   versions of GnuPG don't include any such header by default.

> For me, they look well, but I'm not familar with this stuff, others
> may see obvious errors (the armour is only for readability here, in
> the Autocrypt-header, it is left out)

fwiw, "armor" in OpenPGP land usually refers to the base64-encoding in
addition to the "-----BEGIN…" and "-----END…" lines and the headers.  i
think you're using it to mean just the "-----" lines and headers, and
not the base64-encoding itself.

    --dkg