Diffusion GnuPG 865d48518024

gpg: New option --include-key-block.

Authored by werner on Mar 13 2020, 1:28 PM.


gpg: New option --include-key-block.

* common/openpgpdefs.h (SIGSUBPKT_KEY_BLOCK): New.
* g10/gpg.c (oIncludeKeyBlock): New.
(opts): New option --include-key-block.
(main): Implement.
* g10/options.h (opt): New flag include_key_block.
* g10/parse-packet.c (dump_sig_subpkt): Support SIGSUBPKT_KEY_BLOCK.
(parse_one_sig_subpkt): Ditto.
(can_handle_critical): Ditto.
* g10/sign.c (mk_sig_subpkt_key_block): New.
(write_signature_packets): Call it for data signatures.

This patch adds support for a to be proposed OpenPGP ferature:

Introduce the Key Block subpacket to align OpenPGP with CMS.

This new subpacket may be used similar to the CertificateSet of
CMS (RFC-5652) and thus allows to start encrypted communication
after having received a signed message.  In practice a stripped down
version of the key should be including having only the key material
and the self-signatures which are really useful and shall be used by
the recipient to reply encrypted.

#### Key Block

(1 octet with value 0, N octets of key data)

This subpacket MAY be used to convey key data along with a signature
of class 0x00, 0x01, or 0x02.  It MUST contain the key used to create
the signature; either as the primary key or as a subkey.  The key
SHOULD contain a primary or subkey capable of encryption and the
entire key must be a valid OpenPGP key including at least one User ID
packet and the corresponding self-signatures.

Implementations MUST ignore this subpacket if the first octet does not
have a value of zero or if the key data does not represent a valid
transferable public key.
  • GnuPG-bug-id: T4856
  • Signed-off-by: Werner Koch <wk@gnupg.org>