OpenPGP examples/support

[charles-dyfis-net]

Adding this as a proposal / discussion piece:

As tpmk currently has x509 support, would adding similar OpenPGP support be considered worthwhile? Primary use case is to permit signing operations (f/e, code signing on a build server, to ensure that an attacker who compromises that server can only use its private key for signing for such length of time as their compromise persists).

I'm happy to take a shot at development myself. If you have feedback on pitfalls ahead, or concerns about whether this would be out-of-scope, they'd be welcome.

[folbricht]

That sounds like a good addition. Definitely worth a try. Would it be equivalent to what the x509 sub-command does currently or are any other functions needed with that?

[charles-dyfis-net]

Two parts:

• Generating an OpenPGP public key (very much akin to what x509 does now)
• Actually a tpm-backed key with x/crypto/openpgp for signing operations

That latter one I'm worried about: if things haven't changed since last time I took a close look, it might be necessary to vendor the Go openpgp library to make it possible.

The end goal would be to let services like aptly that implement OpenPGP-compatible signature generation in native Go use hardware-backed keys.

[folbricht]

The doc string of https://pkg.go.dev/golang.org/x/crypto@v0.0.0-20210322153248-0c34fe9e7dc2/openpgp/packet#PrivateKey seems to suggest that an implementation of crypto.Signer can be used for the private key. Perhaps we don't need to vendor it in that case (assuming this was the only reason to vendor it in the past).

[folbricht]

If you haven't started yet, I should have time to start a branch and try it out (without vendoring) the next few days.

[charles-dyfis-net]

I haven't yet -- I'm working on a larger system for which TPM-backed OpenPGP code signing is a component, but other parts have been front-of-mind; my plan is to start this component after all the dependencies needed to test it in a staging instance of the larger system are ready.

It's very kind of you to be willing to take a shot at it, but please don't feel obligated -- I really do expect to get there on my own, even if it's a little ways out.

[folbricht]

Just to confirm, it looks like I can make this work without vendoring, but only for the signing part, not decryption. Since that's what you're after, I'll add that in soon-ish. The issue with decryption is that it needs an actual *rsa.PrivateKey for that and not an interface.

[folbricht]

There's a draft implementation on the openpgp branch now. It only has one command so far, to generate an OpenPGP identity with a TPM key. There's also going to be a sign command soon.

[folbricht]

There's now a sign subcommand too. Though I can't get the gpg command line tool to validate a signature, it reports it as coming from a different key ID every time. Not sure why that is. Draft PR is #3

[folbricht]

Implemented in #3