How can you create a subkey that can be added to a PGPSecretKeyRing ?


According to the BC API, it seems that it is possible to add a subkey to a keyring.

Indeed, if we consider the method below:


We see that the key is added if it is not already present in the keyring. Otherwise, it is replaced.

However, I cannot create a subkey suitable for being added. The subkey is always recognised as being a master key!

Here is what I can do:

I create a subkey packet, using the constructor:

org.bouncycastle.bcpg.PublicSubkeyPacket#PublicSubkeyPacket(int, java.util.Date, org.bouncycastle.bcpg.BCPGKey)

Then I create a public key from this subkey packet, using the constructor:

org.bouncycastle.openpgp.PGPPublicKey#PGPPublicKey(org.bouncycastle.bcpg.PublicKeyPacket, org.bouncycastle.openpgp.operator.KeyFingerPrintCalculator)

However, this public key is recognized as a master key.

This is because, no matter what you do, "subSigs" is always null:


public boolean isMasterKey() {
    return (subSigs == null);
}

I've tried to find a way to create a subkey that can be added to a Keyring, but I am stuck.

All I can do is:

static PGPKeyRingGenerator addSubKey(PGPSecretKeyRing inSecretKeyRing,
                                     PGPKeyPair inKeyPairToAdd,
                                     String inPassPhrase) throws PGPException {

    char[] passPhrase = inPassPhrase.toCharArray();

    // Unlock every key already in the ring and collect it as a key pair.
    List<PGPKeyPair> keyPairs = new ArrayList<PGPKeyPair>();
    Iterator<PGPSecretKey> secretKeyIterator = inSecretKeyRing.getSecretKeys();
    while (secretKeyIterator.hasNext()) {
        PGPSecretKey secretKey = secretKeyIterator.next();
        // Key.extractPrivateKey is the poster's own helper (not shown in the post).
        PGPPrivateKey privateKey = Key.extractPrivateKey(secretKey, passPhrase);
        PGPPublicKey publicKey = secretKey.getPublicKey();
        PGPKeyPair kp = new PGPKeyPair(publicKey, privateKey);
        keyPairs.add(kp);
    }
    // The key pair to add goes in alongside the existing ones.
    keyPairs.add(inKeyPairToAdd);
    PGPKeyPair[] keyPs = keyPairs.toArray(new PGPKeyPair[keyPairs.size()]);

    String userId = inSecretKeyRing.getSecretKey().getUserIDs().next();
    // getKeyRingGenerator is the poster's own helper (not shown in the post);
    // it rebuilds a PGPKeyRingGenerator from the pairs, user ID and passphrase.
    return getKeyRingGenerator(keyPs, userId, inPassPhrase);
}
Basically, I just recreate everything...

But this is not a good solution. Any signature added to any public key is lost during the process.

Any suggestion?

Thank you,
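The following is an added example, not code from the post or from Bouncy Castle itself. It shows what distinguishes a subkey from a master key in BC: the SUBKEY_BINDING signature that PGPKeyRingGenerator.addSubKey produces with the master key's private key, which is what isMasterKey() is really testing when it checks subSigs. A bare PublicSubkeyPacket carries no such signature, so a PGPPublicKey built from it alone is treated as a master key. The example builds a ring with one master key and one encryption subkey, then verifies each key's binding signature against the master key, which is also the check a consumer should run before trusting a subkey that appears next to someone's master key. The user ID and passphrase are constructed values; the class and method names are this example's own.

```java
import java.security.KeyPairGenerator;
import java.security.Security;
import java.util.Date;
import java.util.Iterator;

import org.bouncycastle.bcpg.HashAlgorithmTags;
import org.bouncycastle.bcpg.PublicKeyAlgorithmTags;
import org.bouncycastle.bcpg.SymmetricKeyAlgorithmTags;
import org.bouncycastle.bcpg.sig.KeyFlags;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openpgp.PGPKeyPair;
import org.bouncycastle.openpgp.PGPKeyRingGenerator;
import org.bouncycastle.openpgp.PGPPublicKey;
import org.bouncycastle.openpgp.PGPSecretKey;
import org.bouncycastle.openpgp.PGPSecretKeyRing;
import org.bouncycastle.openpgp.PGPSignature;
import org.bouncycastle.openpgp.PGPSignatureSubpacketGenerator;
import org.bouncycastle.openpgp.operator.PBESecretKeyEncryptor;
import org.bouncycastle.openpgp.operator.PGPDigestCalculator;
import org.bouncycastle.openpgp.operator.jcajce.JcaPGPContentSignerBuilder;
import org.bouncycastle.openpgp.operator.jcajce.JcaPGPContentVerifierBuilderProvider;
import org.bouncycastle.openpgp.operator.jcajce.JcaPGPDigestCalculatorProviderBuilder;
import org.bouncycastle.openpgp.operator.jcajce.JcaPGPKeyPair;
import org.bouncycastle.openpgp.operator.jcajce.JcePBESecretKeyEncryptorBuilder;

public class SubkeyBindingExample {

    /** Builds a secret key ring: a certifying/signing master key plus one encryption subkey. */
    static PGPSecretKeyRing buildRing(String userId, char[] passPhrase) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA", "BC");
        kpg.initialize(2048);
        PGPKeyPair master = new JcaPGPKeyPair(PublicKeyAlgorithmTags.RSA_GENERAL, kpg.generateKeyPair(), new Date());
        PGPKeyPair sub = new JcaPGPKeyPair(PublicKeyAlgorithmTags.RSA_GENERAL, kpg.generateKeyPair(), new Date());

        PGPDigestCalculator sha1 = new JcaPGPDigestCalculatorProviderBuilder().build().get(HashAlgorithmTags.SHA1);
        PBESecretKeyEncryptor encryptor = new JcePBESecretKeyEncryptorBuilder(SymmetricKeyAlgorithmTags.AES_256, sha1)
                .setProvider("BC").build(passPhrase);

        // Key flags for the master key: it certifies and signs, it does not encrypt.
        PGPSignatureSubpacketGenerator masterSubpackets = new PGPSignatureSubpacketGenerator();
        masterSubpackets.setKeyFlags(false, KeyFlags.CERTIFY_OTHER | KeyFlags.SIGN_DATA);

        PGPKeyRingGenerator gen = new PGPKeyRingGenerator(
                PGPSignature.POSITIVE_CERTIFICATION, master, userId, sha1,
                masterSubpackets.generate(), null,
                new JcaPGPContentSignerBuilder(master.getPublicKey().getAlgorithm(), HashAlgorithmTags.SHA256).setProvider("BC"),
                encryptor);

        // addSubKey is where the SUBKEY_BINDING signature is created with the master private key;
        // that signature, not the PublicSubkeyPacket, is what marks the key as a subkey.
        PGPSignatureSubpacketGenerator subSubpackets = new PGPSignatureSubpacketGenerator();
        subSubpackets.setKeyFlags(false, KeyFlags.ENCRYPT_COMMS | KeyFlags.ENCRYPT_STORAGE);
        gen.addSubKey(sub, subSubpackets.generate(), null);

        return gen.generateSecretKeyRing();
    }

    /** True if pubKey carries a SUBKEY_BINDING signature that verifies under master; false for the master itself. */
    static boolean hasValidBinding(PGPPublicKey master, PGPPublicKey pubKey) throws Exception {
        Iterator<PGPSignature> sigs = pubKey.getSignaturesOfType(PGPSignature.SUBKEY_BINDING);
        while (sigs.hasNext()) {
            PGPSignature sig = sigs.next();
            sig.init(new JcaPGPContentVerifierBuilderProvider().setProvider("BC"), master);
            if (sig.verifyCertification(master, pubKey)) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) throws Exception {
        Security.addProvider(new BouncyCastleProvider());
        char[] pass = "example-passphrase".toCharArray();                 // constructed value
        PGPSecretKeyRing ring = buildRing("Example <example@example.org>", pass); // constructed user ID
        PGPPublicKey master = ring.getPublicKey();

        Iterator<PGPSecretKey> it = ring.getSecretKeys();
        while (it.hasNext()) {
            PGPSecretKey k = it.next();
            PGPPublicKey pub = k.getPublicKey();
            // Expect: master -> isMasterKey=true, validBinding=false; subkey -> isMasterKey=false, validBinding=true.
            System.out.printf("key %016X isMasterKey=%b validBinding=%b%n",
                    pub.getKeyID(), k.isMasterKey(), hasValidBinding(master, pub));
        }
    }
}
```

Two points follow from this for the question above. First, the binding signature can only be produced by whoever holds the master private key, so any code path that attaches a subkey to a ring has to go through the master key, which is why a PublicSubkeyPacket built in isolation never becomes a subkey. Second, regenerating the whole ring with a fresh PGPKeyRingGenerator, as in the poster's addSubKey, yields only new self-signatures; third-party certifications on the user ID are not carried over, which is the signature loss the post describes.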