Key flags not as expected #158

Open
WebSpider opened this issue Aug 17, 2017 · 0 comments
WebSpider commented Aug 17, 2017

Hi!

When generating a new key and specifying only Sign for the main, and encrypt for a subkey, the subkey ends up with more flags than expected:

This is the recipe I'm feeding to kbpgp:

```javascript
var kbpgp = require('kbpgp');
var F = kbpgp["const"].openpgp;

// Requested layout: primary key for signing only, one subkey for encryption only.
var opts = {
  userid: "Testy McTestface testor@testface.edu",
  primary: {
    nbits: 2048,
    flags: F.sign_data,
    expire_in: 0
  },
  subkeys: [
    {
      nbits: 2048,
      flags: F.encrypt_comm | F.encrypt_storage,
      expire_in: 0
    }
  ]
};

kbpgp.KeyManager.generate(opts, function(err, alice) {
  if (!err) {
    // sign alice's subkeys
    alice.sign({}, function(err) {
      // console.log(alice);
      // export the armored public key, then print it raw and base64-encoded
      alice.export_pgp_public({}, function(err, pgp_public) {
        console.log(pgp_public);
        // Buffer.from replaces the deprecated new Buffer() constructor
        console.log(Buffer.from(pgp_public).toString('base64'));
      });
    });
  }
});
```

After taking the public key and feeding it to gpg2 for inspection, I get:

```
gpg: WARNING: unsafe permissions on homedir '/tmp/moar/'

off=0 ctb=c6 tag=6 hlen=3 plen=269 new-ctb

:public key packet:
version 4, algo 1, created 1503007813, expires 0
pkey[0]: [2048 bits]
pkey[1]: [17 bits]
keyid: 9181825EB6B573B3

off=272 ctb=cd tag=13 hlen=2 plen=34 new-ctb

:user ID packet: "Testy McTestface testor@testface.edu"

off=308 ctb=c2 tag=2 hlen=3 plen=308 new-ctb

:signature packet: algo 1, keyid 9181825EB6B573B3
version 4, created 1503007813, md5len 0, sigclass 0x13
digest algo 10, begin of digest f9 f4
hashed subpkt 2 len 4 (sig created 2017-08-17)
hashed subpkt 27 len 1 (key flags: 2F)
hashed subpkt 11 len 2 (pref-sym-algos: 9 7)
hashed subpkt 21 len 2 (pref-hash-algos: 10 8)
hashed subpkt 30 len 1 (features: 01)
hashed subpkt 23 len 1 (key server preferences: 80)
hashed subpkt 22 len 2 (pref-zip-algos: 2 1)
hashed subpkt 25 len 1 (primary user ID)
subpkt 16 len 8 (issuer key ID 9181825EB6B573B3)
data: [2045 bits]

off=619 ctb=ce tag=14 hlen=3 plen=269 new-ctb

:public sub key packet:
version 4, algo 1, created 1503007813, expires 0
pkey[0]: [2048 bits]
pkey[1]: [17 bits]
keyid: BB332E024F36E32E

off=891 ctb=c2 tag=2 hlen=3 plen=580 new-ctb

:signature packet: algo 1, keyid 9181825EB6B573B3
version 4, created 1503007813, md5len 0, sigclass 0x18
digest algo 10, begin of digest a5 33
hashed subpkt 2 len 4 (sig created 2017-08-17)
hashed subpkt 9 len 4 (key expires after 8y0d0h0m)
hashed subpkt 27 len 1 (key flags: 2E)
subpkt 16 len 8 (issuer key ID 9181825EB6B573B3)
subpkt 32 len 284 (signature: v4, class 0x19, algo 1, digest algo 10)
data: [2048 bits]
```

Now for key flags I would have expected the main key to have 0x02 for signing only, and the subkey 0x0C (adding bits for encrypt data and storage), but they seem to have 0x20 (auth) added to them; the main key has 0x01 (cert) and 0x0C (encrypt) as well.
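
Added example, not part of the original issue and not kbpgp code: a Node.js check that decodes the key flags byte (RFC 4880, section 5.2.3.21) found in `gpg --list-packets` output and reports bits beyond those requested. The function names and the shape of the `expected` map are assumptions of this example; the sample lines are copied from the output above.

```javascript
// Key Flags bits, RFC 4880 section 5.2.3.21 (signature subpacket type 27).
const KEY_FLAGS = {
  0x01: 'certify', 0x02: 'sign', 0x04: 'encrypt_comm', 0x08: 'encrypt_storage',
  0x10: 'split_key', 0x20: 'auth', 0x80: 'shared_key',
};

// Names of the bits set in a flags byte, lowest bit first.
function decodeFlags(byte) {
  return Object.keys(KEY_FLAGS).map(Number)
    .filter((bit) => byte & bit)
    .map((bit) => KEY_FLAGS[bit]);
}

// Collect key flags from `gpg --list-packets` text, tagged by signature class:
// 0x18 binds a subkey, 0x10-0x13 certify a user ID (primary key flags). Only
// hashed subpackets count; unhashed ones are not covered by the signature.
function extractFlags(listing) {
  const found = [];
  let role = null;
  for (const line of listing.split('\n')) {
    const cls = line.match(/sigclass 0x([0-9a-f]{2})/i);
    if (cls) {
      const c = parseInt(cls[1], 16);
      role = c === 0x18 ? 'subkey' : (c >= 0x10 && c <= 0x13 ? 'primary' : null);
    }
    const m = line.match(/^\s*hashed subpkt 27 .*key flags: ([0-9a-f]{2})\)/i);
    if (m && role) found.push({ role, flags: parseInt(m[1], 16) });
  }
  return found;
}

// Report bits set but not requested (extra) and requested but not set (missing).
function auditFlags(listing, expected) {
  return extractFlags(listing).map(({ role, flags }) => ({
    role, flags,
    extra: decodeFlags(flags & ~expected[role]),
    missing: decodeFlags(expected[role] & ~flags),
  }));
}

// Lines copied from the gpg2 output in the issue (only the relevant ones).
const SAMPLE = [
  'version 4, created 1503007813, md5len 0, sigclass 0x13',
  'hashed subpkt 27 len 1 (key flags: 2F)',
  'version 4, created 1503007813, md5len 0, sigclass 0x18',
  'hashed subpkt 27 len 1 (key flags: 2E)',
].join('\n');
// Expected values as stated in the issue: 0x02 (main key), 0x0C (subkey).
console.log(auditFlags(SAMPLE, { primary: 0x02, subkey: 0x0c }));
```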
