-
So I have a key pair, and I need to add a new userID to it and self-sign it. Can this be done at all? There is no obvious API call to do that, so I was about to try building the packets manually, only... Both I'm currently digging through the internals in hopes of finding any way to do that anyway, but I would very much appreciate some insight. Looking at the rest of the discussion section, it doesn't look like I'll get an answer though.
-
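The simplest way is to call `reformatKey` with the UserID you want to add. Reformatting creates a new key object, but it will also potentially change e.g. the algo preferences, to match the values you'd get using `generateKey`.

If you need to preserve the original key preferences and signatures, you can take the reformatted key, and copy the new user info from there, e.g.:

```js
import { reformatKey } from 'openpgp';

// originalKey is the already-loaded private key object.
const { publicKey: temporaryKeyWithNewUsers } = await reformatKey({
  privateKey: originalKey,
  userIDs: [/* ... the user IDs to add */],
  date: originalKey.getCreationTime(),
  format: 'object',
});
originalKey.users = originalKey.users.concat(temporaryKeyWithNewUsers.users.map((newUser) => {
  const destUser = newUser.clone();
  // Point the copied user at the key it is being attached to.
  destUser.mainKey = originalKey;
  return destUser;
}));
```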
-
Thanks, that was sufficient insight and better than the thing I cooked up, which strung together bits of internals -- it produces apparently valid signatures, but misses all the key settings completely. For the record, my method was something like this:

```js
import { UserIDPacket, SignaturePacket, enums } from 'openpgp';

// publicKey and privateKey are the already-loaded key objects.
const newUser = publicKey.users[0].clone();
newUser.selfCertifications = [];
newUser.otherCertifications = [];
newUser.revocationSignatures = [];
newUser.userID = UserIDPacket.fromObject({
  name: "New Spiffy User ID",
});
// Now we basically duplicate bits of User.certify:
const primaryKey = newUser.mainKey.keyPacket;
const dataToSign = {
  userID: newUser.userID,
  userAttribute: newUser.userAttribute,
  key: primaryKey,
};
const signingKey = await privateKey.getSigningKey();
// Then we need to partially recreate createSignaturePacket, which isn't exported *either*.
const signaturePacket = new SignaturePacket();
Object.assign(signaturePacket, {
  signatureType: enums.signature.certGeneric,
  keyFlags: [enums.keyFlags.certifyKeys | enums.keyFlags.signData],
});
signaturePacket.publicKeyAlgorithm = signingKey.keyPacket.algorithm;
// We can set the hash manually without trying to dig into getPreferredHashAlgo,
// which isn't exported either.
signaturePacket.hashAlgorithm = enums.hash.sha512;
signaturePacket.rawNotations = [];
await signaturePacket.sign(signingKey.keyPacket, dataToSign); // detached is false by default.
newUser.selfCertifications = [signaturePacket];
// Since this is a totally new userid, we don't need to care about merging
// sig blocks, so we just need to stick it back onto the key.
publicKey.users.push(newUser);
```

Just in case someone comes looking, however, something to keep in mind:
Creating a temporary key and pulling the new
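What a user ID self-certification actually signs, as an added example that is not from the thread or from OpenPGP.js: it lays out the hashed bytes per RFC 4880 section 5.2.4, showing that key flags and algorithm preferences are hashed subpackets and so have to be set before signing. The key body bytes, the timestamp and the helper names are constructed for illustration.

```javascript
// Added illustration: layout per RFC 4880 section 5.2.4, not OpenPGP.js internals.
const u16 = (n) => { const b = Buffer.alloc(2); b.writeUInt16BE(n); return b; };
const u32 = (n) => { const b = Buffer.alloc(4); b.writeUInt32BE(n); return b; };

// One signature subpacket: length octet (covers type + data), type octet, data.
// Only the one-octet length form (total < 192) is handled here.
function subpacket(type, data) {
  if (data.length + 1 >= 192) throw new RangeError('needs a multi-octet length');
  return Buffer.concat([Buffer.from([data.length + 1, type]), Buffer.from(data)]);
}

// Bytes hashed for a V4 certification of a user ID on a primary key.
function certificationPreimage({ keyBody, userID, sigType, pubAlgo, hashAlgo, hashedSubpackets }) {
  const uid = Buffer.from(userID, 'utf8');
  const hashedArea = Buffer.concat(hashedSubpackets);
  const sigData = Buffer.concat([
    Buffer.from([0x04, sigType, pubAlgo, hashAlgo]), // version 4 header
    u16(hashedArea.length), hashedArea,
  ]);
  return Buffer.concat([
    Buffer.from([0x99]), u16(keyBody.length), keyBody, // primary key packet body
    Buffer.from([0xb4]), u32(uid.length), uid,         // user ID being bound
    sigData,
    Buffer.from([0x04, 0xff]), u32(sigData.length),    // trailer
  ]);
}

// Constructed sample input: placeholder key body, not a real key.
const keyBody = Buffer.from('045f00000016' + '00'.repeat(8), 'hex');
const base = { keyBody, userID: 'New Spiffy User ID', sigType: 0x10, pubAlgo: 22, hashAlgo: 10 };
const created = subpacket(2, u32(1700000000));   // signature creation time
const keyFlags = subpacket(27, [0x01 | 0x02]);   // certify + sign
// Certification carrying only creation time and key flags.
const bare = certificationPreimage({ ...base, hashedSubpackets: [created, keyFlags] });
// Same certification plus preferred symmetric (11) and hash (21) algorithms.
const withPrefs = certificationPreimage({
  ...base,
  hashedSubpackets: [created, keyFlags, subpacket(11, [9, 8, 7]), subpacket(21, [10, 8])],
});
console.log(bare.length, withPrefs.length, bare.equals(withPrefs));
```

The first 40 bytes (key and user ID) are identical in both results; only the signature data differs, which is why preferences cannot be attached to an existing certification without re-signing.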