How can you create a subkey that can be added to a PGPSecretKeyRing ?


Denis BEURIVE
Hello,

According to the BC API, it seems that it is possible to add a subkey to a keyring.

Indeed, if we consider the method below:

org.bouncycastle.openpgp.PGPPublicKeyRing#insertPublicKey

We see that the key is added if it is not already present in the keyring. Otherwise, it is replaced.

However, I cannot create a subkey suitable for being added. The subkey is always recognised as being a master key!

Here is what I can do:

I create a subkey packet, using the constructor:

org.bouncycastle.bcpg.PublicSubkeyPacket#PublicSubkeyPacket(int, java.util.Date, org.bouncycastle.bcpg.BCPGKey)

Then I create a public key from this subkey packet, using the constructor:

org.bouncycastle.openpgp.PGPPublicKey#PGPPublicKey(org.bouncycastle.bcpg.PublicKeyPacket, org.bouncycastle.openpgp.operator.KeyFingerPrintCalculator)

However, this public key is recognized as a master key.

This is because, no matter what you do, "subSigs" is always null:

org.bouncycastle.openpgp.PGPPublicKey#isMasterKey

    public boolean isMasterKey()
    {
        return (subSigs == null);
    }

I've tried to find a way to create a subkey that can be added to a Keyring, but I am stuck.

All I can do is:

    import java.util.ArrayList;
    import java.util.Iterator;
    import java.util.List;
    import org.bouncycastle.openpgp.*;

    // Key.extractPrivateKey and getKeyRingGenerator are helpers defined elsewhere (not shown).
    static PGPKeyRingGenerator addSubKey(PGPSecretKeyRing inSecretKeyRing,
                                         PGPKeyPair inKeyPairToAdd,
                                         String inPassPhrase) throws PGPException {

        char[] passPhrase = inPassPhrase.toCharArray();

        // Rebuild a key pair for every secret key already in the ring.
        List<PGPKeyPair> keyPairs = new ArrayList<PGPKeyPair>();
        Iterator<PGPSecretKey> secretKeyIterator = inSecretKeyRing.getSecretKeys();
        while (secretKeyIterator.hasNext()) {
            PGPSecretKey secretKey = secretKeyIterator.next();
            PGPPrivateKey privateKey = Key.extractPrivateKey(secretKey, passPhrase);
            PGPPublicKey publicKey = secretKey.getPublicKey();
            PGPKeyPair kp = new PGPKeyPair(publicKey, privateKey);
            keyPairs.add(kp);
        }
        // Append the new key pair, then regenerate the whole ring from scratch.
        keyPairs.add(inKeyPairToAdd);
        PGPKeyPair[] keyPs = new PGPKeyPair[keyPairs.size()];
        keyPairs.toArray(keyPs);

        String userId = inSecretKeyRing.getSecretKey().getUserIDs().next();
        return getKeyRingGenerator(keyPs, userId, inPassPhrase);
    }

Basically, I just recreate everything...

But this is not a good solution. Any signature added to any public key is lost during the process.


Any suggestions?

Thank you,

Denis
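
The following is an added example, not part of the original post and not the Bouncy Castle project's own code. It extends an existing ring through `PGPKeyRingGenerator`, so the master key issues the subkey binding signature and the keys and signatures already in the ring are carried over. It assumes a Bouncy Castle release that provides the `PGPKeyRingGenerator` constructor taking an existing `PGPSecretKeyRing`; the class name, user ID and passphrase are constructed sample values.

```java
import java.security.KeyPairGenerator;
import java.security.Security;
import java.util.Date;
import java.util.Iterator;
import org.bouncycastle.bcpg.HashAlgorithmTags;
import org.bouncycastle.bcpg.PublicKeyAlgorithmTags;
import org.bouncycastle.bcpg.SymmetricKeyAlgorithmTags;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openpgp.*;
import org.bouncycastle.openpgp.operator.*;
import org.bouncycastle.openpgp.operator.jcajce.*;

public class AddSubkeyExample {
    // Appends subKey to an existing ring; existing keys and their signatures are carried over.
    static PGPSecretKeyRing addSubKey(PGPSecretKeyRing ring, PGPKeyPair subKey, char[] pass)
            throws PGPException {
        PGPDigestCalculatorProvider digests = new JcaPGPDigestCalculatorProviderBuilder().build();
        PGPDigestCalculator sha1 = digests.get(HashAlgorithmTags.SHA1); // secret-key checksum
        PGPKeyRingGenerator gen = new PGPKeyRingGenerator(
                ring,
                new JcePBESecretKeyDecryptorBuilder(digests).build(pass), // unlocks the master key
                sha1,
                new JcaPGPContentSignerBuilder(ring.getPublicKey().getAlgorithm(), HashAlgorithmTags.SHA256),
                new JcePBESecretKeyEncryptorBuilder(SymmetricKeyAlgorithmTags.AES_256, sha1).build(pass));
        gen.addSubKey(subKey); // master key issues the subkey binding signature
        return gen.generateSecretKeyRing();
    }

    public static void main(String[] args) throws Exception {
        Security.addProvider(new BouncyCastleProvider());
        char[] pass = "constructed-passphrase".toCharArray(); // constructed sample value
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        PGPKeyPair master = new JcaPGPKeyPair(PublicKeyAlgorithmTags.RSA_GENERAL, kpg.generateKeyPair(), new Date());
        PGPKeyPair sub = new JcaPGPKeyPair(PublicKeyAlgorithmTags.RSA_GENERAL, kpg.generateKeyPair(), new Date());
        PGPDigestCalculator sha1 = new JcaPGPDigestCalculatorProviderBuilder().build().get(HashAlgorithmTags.SHA1);
        // Constructed starting ring: one master key, one user ID, no subkeys.
        PGPSecretKeyRing ring = new PGPKeyRingGenerator(PGPSignature.POSITIVE_CERTIFICATION, master,
                "Alice (constructed) <alice@example.org>", sha1, null, null,
                new JcaPGPContentSignerBuilder(PublicKeyAlgorithmTags.RSA_GENERAL, HashAlgorithmTags.SHA256),
                new JcePBESecretKeyEncryptorBuilder(SymmetricKeyAlgorithmTags.AES_256, sha1).build(pass))
                .generateSecretKeyRing();
        PGPSecretKeyRing updated = addSubKey(ring, sub, pass);
        // Print each key's ID and whether Bouncy Castle treats it as a master key.
        for (Iterator<PGPSecretKey> it = updated.getSecretKeys(); it.hasNext();) {
            PGPPublicKey pk = it.next().getPublicKey();
            System.out.printf("%016X master=%b%n", pk.getKeyID(), pk.isMasterKey());
        }
    }
}
```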