Hi Tomasz-- On Sat 2019-08-17 18:45:24 +0200, Tomasz Buchert wrote:
> what would be the most "canonical" way to store arbitrary, signed data
> along the gpg key? And then: what is the programmatic way of extracting
> said data?
>
> My specific use case is putting a signify [1] public key inside my GPG
> key, so that I can leverage key distribution to push my signify key.

As i understand it, signify uses ed25519 public keys.

For this specific use case, i'd recommend attaching your signify public key as a signing-capable subkey directly to your OpenPGP certificate. Or, if you don't want it to look like it's signing-capable for the purposes of OpenPGP signing, you could attach it as a subkey with an empty key flags subpacket. If you want to include a notation that indicates that this key is for use with signify specifically, you could then include a notation in the subkey binding signature.

This seems like the most principled way to include the key in your OpenPGP certificate, and the best way to avoid having people get confused about third-party certification claims, since third parties can't attach subkeys.

Doing this specifically would require some conversion capability between the signify format and the OpenPGP format for Ed25519 keys. I haven't tried to do that, but if it's something that you're interested in, i'd be happy to look at it with you.

--dkg
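As an added illustration (not from this thread and not GnuPG or signify code), here is what the first half of the signify-to-OpenPGP conversion dkg mentions could look like: parse a signify public key file and wrap its Ed25519 key as an OpenPGP v4 public-subkey packet using algorithm 22 (the EdDSA encoding with the Ed25519 OID that GnuPG emits), then compute the v4 fingerprint. The sample key bytes are constructed, and the subkey binding signature (where the notation subpacket would go) is deliberately not produced here, since that needs the primary key's secret material.

```python
import base64
import hashlib
import struct
import time
from typing import Optional, Tuple

# Ed25519 OID as used with OpenPGP public-key algorithm 22 (EdDSA, RFC 4880bis /
# "EdDSALegacy" in RFC 9580). RFC 9580 also defines a native Ed25519 algorithm (27).
ED25519_OID = bytes.fromhex("2b06010401da470f01")
PUBKEY_ALGO_EDDSA = 22
TAG_PUBLIC_SUBKEY = 14

# Constructed sample signify .pub: "Ed" + 8-byte keynum + 32-byte key (0x00..0x1f, not a real key).
SAMPLE_SIGNIFY_PUB = (
    "untrusted comment: signify public key\n"
    + base64.b64encode(b"Ed" + bytes.fromhex("0102030405060708") + bytes(range(32))).decode()
    + "\n"
)

def parse_signify_pubkey(text: str) -> Tuple[bytes, bytes]:
    """Return (keynum, ed25519_public_key) from the text of a signify public key file."""
    lines = [line for line in text.splitlines() if line.strip()]
    if len(lines) != 2 or not lines[0].startswith("untrusted comment:"):
        raise ValueError("not a signify public key file")
    raw = base64.b64decode(lines[1], validate=True)
    if len(raw) != 42 or raw[:2] != b"Ed":
        raise ValueError("unexpected signify key algorithm or length")
    return raw[2:10], raw[10:42]

def openpgp_eddsa_key_body(pubkey: bytes, created: int) -> bytes:
    """v4 public-key packet body: version, creation time, algo, OID, and the 0x40-prefixed MPI."""
    mpi_value = b"\x40" + pubkey                      # 0x40 marks the native-encoded point
    mpi_bits = int.from_bytes(mpi_value, "big").bit_length()   # 263 for a 32-byte key
    return (struct.pack(">BIB", 4, created, PUBKEY_ALGO_EDDSA)
            + bytes([len(ED25519_OID)]) + ED25519_OID
            + struct.pack(">H", mpi_bits) + mpi_value)

def v4_fingerprint(body: bytes) -> str:
    """RFC 4880 section 12.2: SHA-1 over 0x99, two-octet body length, and the body."""
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).hexdigest().upper()

def signify_to_openpgp_subkey_packet(text: str, created: Optional[int] = None) -> Tuple[bytes, str]:
    """Build a public-subkey packet (tag 14, new-format header) and return (packet, fingerprint)."""
    _keynum, pubkey = parse_signify_pubkey(text)
    body = openpgp_eddsa_key_body(pubkey, created if created is not None else int(time.time()))
    # Body is 51 bytes, so a one-octet new-format length (< 192) suffices.
    packet = bytes([0xC0 | TAG_PUBLIC_SUBKEY, len(body)]) + body
    return packet, v4_fingerprint(body)
```

The signify keynum is dropped because OpenPGP identifies the key by its own fingerprint; carrying it across would be a natural use of the notation dkg describes.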
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users