Closed
Description
The current implementation of openpgp/crypto package does not allow the following operations on an openpgp.Entity object:
- Supporting embedded signature (0x19) for subkeys (x/crypto/openpgp: Creating a signing subkey with an EmbeddedSignature doesn't seem possibleย #23231 is logged for supporting this in openpgp.ReadEntity)
- Proposal: Entity.AddSubKey will generate this signature if the subkey will be used for signing.
- Support for RevocationSignatures against Primary key (0x20) and subkeys (0x28)
- Proposal: Add new methods Entity.RevokeKey() as well as SubKey.Revoke() to generate and store revocation signatures against the corresponding key.
- Support for certification revocation signature as defined in RFC4880 against an identity
- Proposal: A new method Identity.RevokeSignature() method to generate and store the certificate revocation signature. Changes from https://go-review.googlesource.com/c/crypto/+/118995/ will be applicable seem to be relevant.
- Adding a new subkey to the an openpgp.Entity object
- Proposal: Add a new API Entity.AddSubKey(canSign bool) which takes in a parameter to configure if the subkey can sign as well. The subkey generated in NewEntity() currently is an encrpt only key and new subkeys cannot be generated via the library for encryption.
P.S: I've noticed we have a lot of these functionalities are present in ReadEntity e.g supporting subkeys and revocation certificates, but there seems no way to do these operations in the library on an entity directly using the library. After going over #27889 and considering @FiloSottile's opinion to keep things simple here, it would be great if we could filter out the aforementioned proposals that we can keep in the openpgp package while the rest can be implemented in a separate package.