[Autocrypt] How to create the "raw key" part from an RSA key
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Wed May 31 09:12:23 EDT 2017
Hi Edouard--
On Wed 2017-05-31 11:23:34 +0200, Edouard Tisserant wrote:
> I'm maintaining netpgp fork of pEp project. Thanks Daniel for including
> me in the discussion, I am happy that I can help.
thanks! nice to hear from you here.
>> when you say "key generation is not really Netpgp-related" i'm not sure
>> what you mean. netpgp has a function netpgp_generate_key(), for
>> example, which sounds relevant.
>
> That's true that such historical function exists, but we don't use it.
> Please have a look at function pgp_generate_keypair() in pEpEngine's
> pgp_netpgp.c :
>
> https://letsencrypt.pep.foundation/dev/repos/pEpEngine/file/tip/src/pgp_netpgp.c#l784
does this seem like something we should be merging into netpgp to make
it more capable and useful as a toolkit?
> Netpgp was indeed not behaving with subkeys at all. It is now a little
> better on that point, but far from being perfect :
> - it accepts keys from GPG having subkeys, and use them to decrypt,
> encrypt and sign.
> - it does _not_ generate any subkey when generating a new key.
this point seems like it ought to be fixed at least, right? the best
practice for OpenPGP is to have an encryption-capable subkey, and not to
make the primary key encryption-capable.
> - subkeys are ignored when renewing expired key
hm, interesting. for subkey expiration, i tend to treat it differently
depending on the type of subkey. if the subkey is very old, if it is
too-small, or if it is encryption-capable, i prefer to just replace it
with a new subkey of the same type. if the subkey is strong enough, for
signing or authentication purposes only, and relatively recent, then
i'll consider extending the expiration.
replacing encryption-capable subkeys regularly gives you an opportunity
to destroy old ones when they're no longer needed, which is a step
toward "deletable" mail.
> I'm now subscribed to autocrypt list. I'll welcome any contributions,
> even if I have to pull from a Git repo ;)
;) Do you have a preferred way to take contributions otherwise? I
didn't set up the git repo to antagonize you, i just did it because i
didn't see a clear preferred way to contribute code to netpgp-et itself
(and because i saw that Bjoern is working from git already, and because
i'm personally more comfortable with git) -- but i'm sure we can both be
flexible if you have a straightforward channel by which you prefer to
receive contributions.
Welcome to the autocrypt mailing list!
--dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 832 bytes
Desc: not available
URL: <http://lists.mayfirst.org/pipermail/autocrypt/attachments/20170531/412b69e9/attachment.sig>
More information about the Autocrypt
mailing list