x/crypto/openpgp: add ECC support #22015

Closed
emersion opened this issue Sep 25, 2017 · 6 comments

@emersion

It's supported in GnuPG 2.2.x and standardized in https://tools.ietf.org/html/rfc6637

@gopherbot gopherbot added this to the Unreleased milestone Sep 25, 2017
@Merovius
Contributor

@emersion Can you be more specific? The package already supports ECDSA/ECDH using the NIST curves. There is an open issue to implement EdDSA at #18576. ISTM that this should either be duped against that latter ticket, or is already done. Unless I'm missing something obvious :) Can you provide a use-case not covered yet (e.g. a key that isn't usable)?

@dijit

dijit commented Oct 19, 2018

I have a key that is not usable.

$ go version
go version go1.11.1 linux/amd64

My version of golang.org/x/crypto/openpgp is from commit 0c41d7a.

2018/10/19 16:26:43 encryptString: openpgp: unsupported feature: public key type: 22

@Merovius
Contributor

Merovius commented Oct 19, 2018

Yes, that's an Ed25519 key, so this is a duplicate of #18576

@emersion
Author

Honestly I don't remember the exact key that made me open this issue. Let's assume it was a duplicate of #18576.

@antong
Contributor

antong commented Feb 26, 2019

@Merovius, when you say the package supports ECDH using the NIST curves, can you point to where this is implemented and how it can be used? I'm asking because this was raised in #30388 and I can't find out how to encrypt to an ECDH public key.

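package main

import (
	"bytes"
	"fmt"
	"strings"

	"golang.org/x/crypto/openpgp"
	"golang.org/x/crypto/openpgp/armor"
)

// From https://sites.google.com/site/brainhub/pgpecckeys#TOC-ECC-NIST-P-384-key
var pubkey = `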
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: PGP Command Line v10.2.0 (Linux)

mQBvBE1TBZITBSuBBAAiAwME9rjFrO1bhO+fSiCdsuSp37cNKMuMEOzVdnSp+lpn
OJlCti1eUTZ99Me/0/jlAP7s8H7SZaYhqOu75T6UfseMZ366FDvRUzwrNQ4cKfgj
E+HhEI66Bjvh5ksQ5pUOeZwttCRlY19kc2FfZGhfMzg0IDxvcGVucGdwQGJyYWlu
aHViLm9yZz6JAMsEEBMJAFMFAk1TBZIwFIAAAAAAIAAHcHJlZmVycmVkLWVtYWls
LWVuY29kaW5nQHBncC5jb21wZ3BtaW1lBAsJCAcCGQEFGwMAAAACFgIFHgEAAAAE
FQkKCAAKCRAJgDOID1Rxn8orAYCqNzUJaL1fEVr9jOe8exA4IhUtv/BtCvzag1Mp
UQkFuYy0abogj6q4fHQSt5nntjMBf1g2TqSA6KGj8lOgxfIsRG6L6an85iEBNu4w
gRq71JE53ii1vfjcNtBq50hXnp/1A7kAcwRNUwWSEgUrgQQAIgMDBC+qhAJKILZz
XEiX76W/tBv4W37v6rXKDLn/yOoEpGrLJVNKV3aU+eJTQKSrUiOp3R7aUwyKouZx
jbENfmclWMdzb+CTaepXOaKjVUvxbUH6pQVi8RxtObvV3/trmp7JGAMBCQmJAIQE
GBMJAAwFAk1TBZIFGwwAAAAACgkQCYAziA9UcZ+AlwGA7uem2PzuQe5PkonfF/m8
+dlV3KJcWDuUM286Ky1Jhtxc9Be40tyG90Gp4abSNsDjAX0cdldUWKDPuTroorJ0
/MZc7s16ke7INla6EyGZafBpRbSMVr0EFSw6BVPF8vS9Emc=
=I76R
-----END PGP PUBLIC KEY BLOCK-----
`

func main() {
	entities, err := openpgp.ReadArmoredKeyRing(strings.NewReader(pubkey))
	if err != nil {
		panic(err)
	}

	buf := new(bytes.Buffer)
	a, err := armor.Encode(buf, "PGP MESSAGE", nil)
	if err != nil {
		panic(err)
	}
	w, err := openpgp.Encrypt(a, entities, nil, nil, nil)
	if err != nil {
		fmt.Println("ERR:", err)
		return
	}
	w.Write([]byte("Hello"))
	w.Close()
	a.Close()
	fmt.Println(buf.String())

	// Output:
	// ERR: openpgp: invalid argument: cannot encrypt a message to key id 98033880f54719f because it has no encryption keys
}

EDIT: Just to add, you can successfully encrypt to this with gpg and also the github.com/keybase/go-crypto/openpgp fork.

@Merovius
Contributor

@antong You are correct :) I was oblivious to the fact that there is a standard to use ECDSA keys for encryption (in combination with ECDH) - I was only considering their use for signatures.
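
Both errors quoted in this thread come down to which public-key algorithm a key's packets declare. The following is an added example, not part of the original thread and not code from x/crypto/openpgp: a standard-library-only walker that lists the algorithm ID of each key and subkey packet in a de-armored key. `KeyAlgs`, `Sample` and `errPacket` are hypothetical names; the sample bytes are the packet headers and first six body octets decoded from the P-384 key posted above, with the remainder of each body zero-filled.

```go
package main

import "fmt"

var errPacket = fmt.Errorf("truncated or unsupported packet")

// KeyAlgs returns the public-key algorithm ID of every public key (tag 6) and
// public subkey (tag 14) packet in a binary, de-armored OpenPGP key.
// IDs (RFC 4880 sec. 9.1, RFC 6637 sec. 5): 1 RSA, 17 DSA, 18 ECDH, 19 ECDSA; 22 is EdDSA.
func KeyAlgs(b []byte) ([]byte, error) {
	var algs []byte
	for len(b) > 0 {
		if len(b) < 2 || b[0]&0x80 == 0 {
			return algs, errPacket
		}
		old := b[0]&0x40 == 0
		tag, hdr, n := b[0]&0x3f, 2, int(b[1]) // new format, one-octet length
		if old {                               // old format: 1, 2 or 4 length octets
			tag, hdr, n = (b[0]>>2)&0x0f, 1+1<<(b[0]&3), 0
			for i := 1; i < hdr && i < len(b); i++ {
				n = n<<8 | int(b[i])
			}
		}
		if (old && b[0]&3 == 3) || (!old && b[1] >= 192) || n > len(b)-hdr {
			return algs, errPacket // also covers length encodings not handled here
		}
		if tag == 6 || tag == 14 {
			if n < 6 || b[hdr] != 4 { // only version 4 key packets
				return algs, errPacket
			}
			algs = append(algs, b[hdr+5]) // follows version and 4-octet creation time
		}
		b = b[hdr+n:]
	}
	return algs, nil
}

// Sample: each packet's header and first six body octets are decoded from
// the P-384 key quoted in the thread; the rest is constructed zero filler.
func Sample() []byte {
	primary := append([]byte{0x99, 0x00, 0x6f, 4, 0x4d, 0x53, 0x05, 0x92, 19}, make([]byte, 105)...)
	subkey := append([]byte{0xb9, 0x00, 0x73, 4, 0x4d, 0x53, 0x05, 0x92, 18}, make([]byte, 109)...)
	return append(primary, subkey...)
}

func main() {
	algs, err := KeyAlgs(Sample())
	fmt.Println("algorithm IDs:", algs, "error:", err)
}
```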

@golang golang locked and limited conversation to collaborators Feb 26, 2020