[Autocrypt] How to create the "raw key" part from an RSA key

Bjoern b44treader at googlemail.com
Sat May 20 11:57:38 EDT 2017 

Thank you very much, I'll check the details ASAP.

Regarding the "Armor": Well, Delta Chat only creates the base64 part,
I've taken the ASCII-header/footer "-----BEGIN…" and "-----END…" from
the first best other key I found ... and thank you for clarification
about what "armor" means in PGP, didn't knew this.

On Fri, May 19, 2017 at 6:11 PM, Daniel Kahn Gillmor
<dkg at fifthhorseman.net> wrote:
> Hi Bjoern--
>
> On Fri 2017-05-19 15:26:06 +0200, Bjoern wrote:
>> So, i Delta Chat can create the two keypairs now.
>
> yay!
>
>> Can anyone please check if the key examples below meet the
>> requirements of Autocrypt?
>
> i just reviewed the public key -- i'll review the private key later :)
>
> a few comments:
>
>  * your primary key is marked as encryption-capable (it has "sign" and
>    "encrypt-comms" flags).  This is generally not a best practice.
>    primary keys should have "sign" and "certify" flags, but not
>    encryption-capable.
>
>  * the subkey should have "encrypt-comms" and "encrypt-storage" flags
>    (yours currently has "sign" and "encrypt-comms").
>
>  * your subkey binding signature contains preferred symmetric, hash, and
>    compression subpackets, as well as the features subpacket.  Those are
>    usually only placed in the self-sig over the user ID, not in the
>    subkey binding packet.
>
>  * your ordering of preferred hash algorithms should be hardened -- it
>    looks like you prefer SHA1 before SHA384, SHA512, and SHA224.  No one
>    should prefer SHA1 over anything from the SHA2 family.
>
>  * I was unable to validate your subkey binding signature!  i was able
>    to validate the selfsig over the uid, though, so one of the sigs is
>    correct.
>
>  * (nitpick) why do you have this Version: header in the armor?  modern
>    versions of GnuPG don't include any such header by default.
>
>> For me, they look well, but I'm not familar with this stuff, others
>> may see obvious errors (the armour is only for readability here, in
>> the Autocrypt-header, it is left out)
>
> fwiw, "armor" in OpenPGP land usually refers to the base64-encoding in
> addition to the "-----BEGIN…" and "-----END…" lines and the headers.  i
> think you're using it to mean just the "-----" lines and headers, and
> not the base64-encoding itself.
>
>     --dkg

More information about the Autocrypt mailing list