kbpgp

Key flags not as expected

Open WebSpider opened this issue 8 years ago • 0 comments

Hi!

When generating a new key and specifying only Sign for the main, and encrypt for a subkey, the subkey ends up with more flags than expected.

This is the recipe I'm feeding to kbpgp:

var kbpgp = require('kbpgp');
var F = kbpgp["const"].openpgp;

var opts = {
  userid: "Testy McTestface [email protected]",
  primary: {
    nbits: 2048,
    flags: F.sign_data,
    expire_in: 0
  },
  subkeys: [
    {
      nbits: 2048,
      flags: F.encrypt_comm | F.encrypt_storage,
      expire_in: 0
    }
  ]
};

kbpgp.KeyManager.generate(opts, function(err, alice) {
  if (!err) {
    // sign alice's subkeys
    alice.sign({}, function(err) {
      // console.log(alice);
      alice.export_pgp_public({}, function(err, pgp_public) {
        console.log(pgp_public);
        // Buffer.from replaces the deprecated new Buffer(string) constructor
        console.log(Buffer.from(pgp_public).toString('base64'));
      });
    });
  }
});

After taking the public key and feeding it to gpg2 for inspection, I get:

gpg: WARNING: unsafe permissions on homedir '/tmp/moar/'

off=0 ctb=c6 tag=6 hlen=3 plen=269 new-ctb
:public key packet:
    version 4, algo 1, created 1503007813, expires 0
    pkey[0]: [2048 bits]
    pkey[1]: [17 bits]
    keyid: 9181825EB6B573B3
off=272 ctb=cd tag=13 hlen=2 plen=34 new-ctb
:user ID packet: "Testy McTestface [email protected]"
off=308 ctb=c2 tag=2 hlen=3 plen=308 new-ctb
:signature packet: algo 1, keyid 9181825EB6B573B3
    version 4, created 1503007813, md5len 0, sigclass 0x13
    digest algo 10, begin of digest f9 f4
    hashed subpkt 2 len 4 (sig created 2017-08-17)
    hashed subpkt 27 len 1 (key flags: 2F)
    hashed subpkt 11 len 2 (pref-sym-algos: 9 7)
    hashed subpkt 21 len 2 (pref-hash-algos: 10 8)
    hashed subpkt 30 len 1 (features: 01)
    hashed subpkt 23 len 1 (key server preferences: 80)
    hashed subpkt 22 len 2 (pref-zip-algos: 2 1)
    hashed subpkt 25 len 1 (primary user ID)
    subpkt 16 len 8 (issuer key ID 9181825EB6B573B3)
    data: [2045 bits]
off=619 ctb=ce tag=14 hlen=3 plen=269 new-ctb
:public sub key packet:
    version 4, algo 1, created 1503007813, expires 0
    pkey[0]: [2048 bits]
    pkey[1]: [17 bits]
    keyid: BB332E024F36E32E
off=891 ctb=c2 tag=2 hlen=3 plen=580 new-ctb
:signature packet: algo 1, keyid 9181825EB6B573B3
    version 4, created 1503007813, md5len 0, sigclass 0x18
    digest algo 10, begin of digest a5 33
    hashed subpkt 2 len 4 (sig created 2017-08-17)
    hashed subpkt 9 len 4 (key expires after 8y0d0h0m)
    hashed subpkt 27 len 1 (key flags: 2E)
    subpkt 16 len 8 (issuer key ID 9181825EB6B573B3)
    subpkt 32 len 284 (signature: v4, class 0x19, algo 1, digest algo 10)
    data: [2048 bits]

Now for key flags I would have expected the main key to have 0x02 for signing only, and the subkey 0x0C (adding bits for encrypt data and storage), but they seem to have 0x20 (auth) added to them; the main key has 0x01 (cert) and 0x0C (encrypt) as well.

WebSpider, Aug 17 '17 22:08
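A way to run the same check mechanically, as an added example (not part of the original issue and not kbpgp code): it pulls the key flags octets out of `gpg --list-packets` text, decodes them with the bit values from RFC 4880 section 5.2.3.21, and reports capabilities beyond those requested. The function names and the `EXPECTED` map (keyed by signature class: 0x13 user ID certification, 0x18 subkey binding) are hypothetical; the sample lines are excerpted from the listing in the issue.

```javascript
// Key flags bits, RFC 4880 section 5.2.3.21 (first octet of subpacket 27).
const KEY_FLAGS = {
  0x01: 'certify', 0x02: 'sign', 0x04: 'encrypt_comm', 0x08: 'encrypt_storage',
  0x10: 'split_key', 0x20: 'auth', 0x80: 'group_key',
};

// Decode a flags octet into capability names, lowest bit first.
function decodeKeyFlags(octet) {
  return Object.keys(KEY_FLAGS).map(Number)
    .filter((bit) => (octet & bit) !== 0)
    .map((bit) => KEY_FLAGS[bit]);
}

// Scan list-packets text; return { sigclass, flags } per signature with key flags.
function extractKeyFlags(listing) {
  const found = [];
  let sigclass = null;
  for (const line of listing.split('\n')) {
    const cls = line.match(/\bsigclass (0x[0-9a-fA-F]{2})/);
    if (cls) sigclass = parseInt(cls[1], 16);
    const kf = line.match(/\(key flags: ([0-9a-fA-F]{2})\)/);
    if (kf && sigclass !== null) found.push({ sigclass, flags: parseInt(kf[1], 16) });
  }
  return found;
}

// Report capabilities beyond, or short of, what was requested per signature class.
function auditKeyFlags(listing, expected) {
  return extractKeyFlags(listing).map(({ sigclass, flags }) => {
    const want = expected[sigclass] || 0;
    return {
      sigclass,
      observed: decodeKeyFlags(flags),
      extra: decodeKeyFlags(flags & ~want),
      missing: decodeKeyFlags(want & ~flags),
    };
  });
}

// Sample input: lines excerpted from the gpg listing in the issue.
const SAMPLE = [
  '\tversion 4, created 1503007813, md5len 0, sigclass 0x13',
  '\thashed subpkt 27 len 1 (key flags: 2F)',
  '\tversion 4, created 1503007813, md5len 0, sigclass 0x18',
  '\thashed subpkt 27 len 1 (key flags: 2E)',
].join('\n');
const EXPECTED = { 0x13: 0x02, 0x18: 0x0c }; // assumed map: primary sign, subkey encrypt
console.log(JSON.stringify(auditKeyFlags(SAMPLE, EXPECTED), null, 2));
```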