Closed
Description
What version of Go are you using (go version)?
```
$ go version
go version go1.12 darwin/amd64
```
Does this issue reproduce with the latest release?
yes
What operating system and processor architecture are you using (go env)?
go env Output
```
GOARCH="amd64"
GOBIN=""
GOCACHE="/Users/ilopshire/Library/Caches/go-build"
GOEXE=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="darwin"
GOOS="darwin"
GOPATH="/Users/ilopshire/go"
GOPROXY=""
GORACE=""
GOROOT="/usr/local/Cellar/go/1.12/libexec"
GOTMPDIR=""
GOTOOLDIR="/usr/local/Cellar/go/1.12/libexec/pkg/tool/darwin_amd64"
GCCGO="gccgo"
CC="clang"
CXX="clang++"
CGO_ENABLED="1"
GOMOD=""
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -m64 -pthread -fno-caret-diagnostics -Qunused-arguments -fmessage-length=0 -fdebug-prefix-map=/var/folders/8w/307zd5sd2bg_5jgf8tcqvlps3hc0zx/T/go-build381813307=/tmp/go-build -gno-record-gcc-switches -fno-common"
```
What did you do?
I have been given a PGP public key by a third party where the sub-key signature contains no key flag sub-packet (see RFC 4880 5.2.3.21).
When the key flag sub-packet is missing the current implementation of x/crypto/openpgp assumes that the key shouldn't be used for anything. I've not been able to find anything in the OpenPGP spec that defines how this case should be handled, but I believe the GnuPG implementation assumes the key can be used for all of its capabilities.
```go
package main
import (
	"bytes"
	"fmt"
	"io"
	"log"
	"strings"

	"golang.org/x/crypto/openpgp"
)

func main() {
	pubKey := `-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: v1.2.1 (GNU/Linux)
mQ... (omitted for privacy)
-----END PGP PUBLIC KEY BLOCK-----`
	entityList, err := openpgp.ReadArmoredKeyRing(strings.NewReader(pubKey))
	if err != nil {
		log.Fatal(err)
	}
	in := strings.NewReader("hello world")
	out := new(bytes.Buffer)
	pt, err := openpgp.Encrypt(out, entityList, nil, &openpgp.FileHints{IsBinary: true}, nil)
	if err != nil {
		log.Fatal(err)
	}
	if _, err := io.Copy(pt, in); err != nil {
		log.Fatal(err)
	}
	fmt.Println(out.Bytes())
}
```
I've omitted the actual public key in the above snippet to preserve the privacy of the third party I am working with. I am admittedly not an expert, but I have not had any luck generating a test key that has the key usage subpacket omitted.
What did you expect to see?
The encrypted output.
What did you see instead?
openpgp: invalid argument: cannot encrypt a message to key id [omitted] because it has no encryption keys
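
The distinction the report turns on, a key flags subpacket that is absent rather than present with no encryption bits set, can be checked directly on a signature's hashed subpacket area. The following is an added example, not code from the report or from x/crypto/openpgp; it uses only the standard library, the name `KeyFlags` is hypothetical, and the byte strings in `main` are constructed samples.

```go
package main

import (
	"errors"
	"fmt"
)

const subpacketKeyFlags = 27 // RFC 4880 section 5.2.3.21

// KeyFlags scans a signature's hashed subpacket area and returns the first
// octet of the key flags subpacket. found is false when the subpacket is
// absent, which is the case described in the report above.
func KeyFlags(area []byte) (flags byte, found bool, err error) {
	for len(area) > 0 {
		// Subpacket length is 1, 2 or 5 octets (RFC 4880 section 5.2.3.1).
		var n, hdr int
		switch {
		case area[0] < 192:
			n, hdr = int(area[0]), 1
		case area[0] < 255 && len(area) >= 2:
			n, hdr = (int(area[0])-192)<<8+int(area[1])+192, 2
		case area[0] == 255 && len(area) >= 5:
			n, hdr = int(area[1])<<24|int(area[2])<<16|int(area[3])<<8|int(area[4]), 5
		default:
			return 0, false, errors.New("truncated subpacket length")
		}
		if n < 1 || n > len(area)-hdr {
			return 0, false, errors.New("subpacket length out of range")
		}
		body := area[hdr : hdr+n] // type octet followed by data
		if body[0]&0x7f == subpacketKeyFlags && len(body) > 1 {
			return body[1], true, nil
		}
		area = area[hdr+n:]
	}
	return 0, false, nil
}

func main() {
	// Constructed sample areas: creation time (type 2), then optionally key flags.
	withFlags := []byte{5, 2, 0x5c, 0x80, 0, 0, 2, 27, 0x0c}
	noFlags := []byte{5, 2, 0x5c, 0x80, 0, 0}
	for _, a := range [][]byte{withFlags, noFlags} {
		f, ok, err := KeyFlags(a)
		fmt.Printf("found=%v encrypt=%v err=%v\n", ok, f&0x0c != 0, err)
	}
}
```

Bits 0x04 and 0x08 of the flags octet are the two encryption capabilities (communications and storage); a result of `found=false` means the signature makes no statement about usage at all.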