gpg: add APIs for subkey interactions, revocations and key signing.

[syadav2015]

This commit addresses
#10 by introducing
subkey support in the API. The corresponding golang crypto library
changes are in process of being merged upstream at
https://go-review.googlesource.com/c/crypto/+/161817/. Documentation for
the new APIs has been added in the README file. A brief description of
the changes in the commit can be seen below:

1. Handling concurrent key read/write for all APIs.
2. Subkey create, read, list and delete APIs.
3. Key and subkey revocation API.
4. Key signing API to show trust in another key stored in vault.
5. Breadth tests for all newly introduced APIs.

[codecov]

Codecov Report

Merging #18 into master will decrease coverage by 6.04%.
The diff coverage is 74.82%.

@@            Coverage Diff             @@
##           master      #18      +/-   ##
==========================================
- Coverage   87.72%   81.68%   -6.05%     
==========================================
  Files           6       12       +6     
  Lines         554     1092     +538     
==========================================
+ Hits          486      892     +406     
- Misses         34      102      +68     
- Partials       34       98      +64

Impacted Files	Coverage Δ
gpg/path_decrypt.go	89.87% <100%> (+0.26%)	⬆️
gpg/path_sign_verify.go	91.19% <100%> (+0.22%)	⬆️
gpg/path_show_session_key.go	92.85% <100%> (+0.17%)	⬆️
gpg/path_export.go	85% <100%> (+0.78%)	⬆️
gpg/backend.go	93.54% <100%> (+1.24%)	⬆️
gpg/serialize.go	51.06% <51.06%> (ø)
gpg/readwrite.go	60.86% <60.86%> (ø)
gpg/path_keys.go	84.18% <77.14%> (+2.36%)	⬆️
gpg/path_signkey.go	78.18% <78.18%> (ø)
gpg/path_keys_id.go	78.57% <78.57%> (ø)
... and 8 more

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 7f2c7df...3c495f2. Read the comment docs.

[syadav2015]

I tried to increase the coverage offered by the tests in 3c495f2 and the go cover tool reports 84.2% coverage (up from 81.2% in the original commit). After looking at the coverage report, it seems like most of the code lowering coverage is in the error cases gpg/serialize.go and gpg/readwrite.go (e.g.: entity.Signature.Serialize() errors out or vault storage errors out). Please let me know if the reviewers feel there are any test cases missing and I would be happy to add them.

[LeSuisse]

Hi,

First of all, thank you for the contribution, awesome work!

I tried to increase the coverage offered by the tests in 3c495f2 and the go cover tool reports 84.2% coverage (up from 81.2% in the original commit).

Thanks for taking the time of doing that. It looks good.

I will do a more in depth review by (hopefully) the end of the week.

I will however not merge the PR until your CL is merged into x/crypto/openpgp. The future of x/crypto/openpgp is currently being discussed (see https://groups.google.com/d/topic/golang-openpgp/_P6AmeCmD9w/discussion) and I would prefer not having to maintain a patch on top of it (or one of the fork).

[trishankatdatadog]

Interesting PR, thanks @syadav2015! AFAICT, the in-memory/file physical backends of Vault already handle locking, no? If we need locking here, it would be on a higher level, such as adding subkeys around the same time to the same master key.

[dataO1]

@LeSuisse Any updates on this?

[LeSuisse]

ATM no. I'm guessing this could be revisited now that this repository uses the ProtonMail fork for PGP operations.

DataDog fork of this plugin has support of subkeys operations: https://github.com/DataDog/vault-gpg-plugin

Maybe we could pull back the changes in here. That said I'm not sure I want to add it because I am not sure to understand what we gain from it.
In a situation where the subkey can be compromised it is likely the main key could be too. Even if we assume that only a subkey is compromised (e.g. due to too permissive access control) the key revocation story is not really great in the PGP world so it is likely to be as much work than completely rotating the key anyway.

I might be missing something here, if you have a scenario were this could be used which does not have a better alternative than PGP I would be interested to know.

[jdelic]

@LeSuisse

In a situation where the subkey can be compromised it is likely the main key could be too. Even if we assume that only a subkey is compromised (e.g. due to too permissive access control) the key revocation story is not really great in the PGP world so it is likely to be as much work than completely rotating the key anyway.

It's important to know that GPG can operate without the certification key being on file. The keyring I use every day looks like this:

sec#  rsa4096 2016-09-08 [C] [expires: 2022-07-18]
      23FC12D75291ED448C0728C877C339AB7CDC4589
uid           [ultimate] Jonas Maurus <redacted>
uid           [ultimate] Jonas Maurus <redacted>
uid           [ultimate] Jonas Maurus <redacted>
ssb>  rsa4096 2016-09-08 [E] [expires: 2022-07-18]
ssb>  rsa4096 2017-12-31 [S] [expires: 2022-07-18]
ssb>  rsa4096 2017-12-31 [A] [expires: 2022-07-18]

GPG defaults to creating the certification key (7CDC4589 in my case) with the C and S flags, but this can be overridden during keyring creation. My certification key resides in a secure place. The 3 subkeys for encryption, signing, and authentication in this case are stubs (ssb>) for a Yubikey smartcard, but that's orthogonal to this discussion. The # in sec# denotes (in classical GPG user-friendliness) that the private key is absent for this key. If I want to change the expiry for a subkey or rotate the key, I need to bring out my certification key.

Right now, following the defaults, all keys generated by vault-gpg-plugin look like this:

sec   rsa2048 2022-01-11 [SC]
      A981AB882A47A4058760FF7E00A776305EEB7931
uid           [ultimate] saltmaster11.test
ssb   rsa2048 2022-01-11 [E]

Without having looked at this PR to see whether it makes that possible, I would say that the option to keep the certification key in Vault with the keyring distributed like the above, would be quite useful. Essentially I'd argue that it's useful to be able to get to this setup:

sec#   rsa2048 2022-01-11 [C]
      A981AB882A47A4058760FF7E00A776305EEB7931
uid           [ultimate] saltmaster11.test
ssb   rsa2048 2022-01-11 [E]
ssb   rsa2048 2022-01-11 [S]

@syadav2015 is the above possible with the operations defined in this PR by any chance?

[LeSuisse]

Hey,

I'm aware of that but it also means you end up doing key management outside of Vault. If that's fine with you can import your key with vault write gpg/keys/my-key generate=false key=@my-key and have something like your last example:

$ vault read -field=public_key gpg/keys/b | gpg --import-options show-only --import
pub   rsa3072/0xED168CC9E9F16E08 2022-01-28 [C]
 Empreinte de la clef = ABEB AAB3 9622 F710 D212  6C5A ED16 8CC9 E9F1 6E08
uid                              AAAAA <[email protected]>
sub   rsa3072/0x50DF09084E780363 2022-01-28 [S]
sub   rsa3072/0xF66C0E131223854F 2022-01-28 [E]

This is what I imported in Vault (this is a throwaway key for the purpose of the test 😃 ):

-----BEGIN PGP PRIVATE KEY BLOCK-----

lQGVBGHzv0UBDADFuBitVmO7Iiv3xY2bUj4SYywW6FZxwg3Cq2u6eddQpTXYdDpP
RVBCazp4expxIoEjoCDX09+m4Shil26zLCyXEXYGZCDVAfB8CNBM5Dp139Fk6Lxy
TqLH3OHyn+mu4EsoUM8bjeXLcEqQWWKX4dHMcCWEXBNRuzzmv4KQvmqqeCej+CFp
qh9yeITY7x1m847KG3MFSVDIukG8K5yZi+cEJS6CN9EatcStiErFm3o0SrJuSsAM
S9UkQHI3BKJZANNOVF7A6Xb2IzNgWwmhFfy3gPsYgwYa5tl4kygnPqcbcwOahK/z
3rH2GEYftkIGSrJY0ihMkyXpAgG2m1GxJ79PyFJ9MnbJo3hfOgxaO9nLtfqF6Lj1
HQ4xJ4AHrbZ0F6pXosGuiK5QWhCfoWik829qqP3C5C6yDg7gXhlHY/wxtqlCG0JN
ost7f77Oe5ogkNjkI4mpW4x7wT1g76/DpPF6Cqmsjf+lzKQuRAC99cMEg18/Hwx+
suaj8vIiugFTkekAEQEAAf8AZQBHTlUBtBVBQUFBQSA8YUBleGFtcGxlLmNvbT6J
Ac4EEwEKADgFCwkIBwMFFQoJCAsFFgIDAQACHgECF4AWIQSr66qzliL3ENISbFrt
FozJ6fFuCAUCYfPAHwIbAQAKCRDtFozJ6fFuCEgCC/9gRRZ7caq1Hhan4wL4MtRo
mCX+J3C7O8/NdfcsS4RRwuPOeeUgzhC8LJ0q+CVEFtEExpX4QcvBb978yXTvBVFw
iW64R6iDBCq+/H4xBAOOmOW246J6iYTZ8E7+NmHQN/jUAnyZX3PsFlM9s/gEuv2u
4FI6xsR8X5c6rv50aDadiWw1+bj0dLlk5pEgOAvfga4dCUSyn4U7PBLhpaP3nPqn
kqaAasZFVG9mpBOup7nv0E1Id5/aco/xQkQXxx/MSkPc+prQt7cbJf0RiuLwkeak
HooPtIxgy4m+8XueoSI+KmVyZ7cOpzNmHDFzeb8Y5gAjT2VpyPaoA2IE78MDT76f
GoZhql2ovg4GfOfM6/JFcEIxVAsc4HULrv/W2j0IiXzLJ9K6qerpY7aogoMMINrb
zrWqUXGe5XMkO3nMT8qdIZMF75UIM3Ecm7XYK34CV+uLpTVA6ZWN/S+xHstVcY/K
eLkIRmqP+jaE5qvm/TyKpL2Tu4H1p1MdyM91s2QYReqdBVgEYfO/sQEMAM4dJ04z
J/2hD08yIjtxNWTLJPE23mZJIN9uXQddJcg4AUPdj4lqVfuLeJzSTh4UqpRpbkKA
wIQyow6iLG/8GZS7SNfb+97jpEIV9W/DDP5wvY0rXzvlHUCXm3faeGBYulKqGryl
j9y5CPBlbzS3+3LqFaHcA+k/hHez/sClEszNjIRyvWYpUSVlc7ZZN4w4u0vgwltT
Zc8dSKgFM9vJj5HwcYSnUVnZ8hTjW1dwyuNNP9TW5S1nyz3Ll0mHUNMmuqrOMpfj
L5EIHyZ/b/KeFmIy/c5ZjfyzIZY6KLr5ZsJj0jF87vW2/xdyeAiAJO8wW3IA/V91
zjqOaQM/uaN5FIyxS+Be9mN5q1MnHl0G91QpdpPX+ne3p+uiPUTmBTZWKtA18MFd
keAOxWu6EE03h0cjVsKvQPW12p0TIW7r5R1H9+MV8mnrT5EzySyqvRU9Hutm3VRM
rn1BACxrDFJMklUBfkkmZkrOLx7XSRaWSdyx/VRbohUJzauMhwTN7FNHuwARAQAB
AAv7B39n/qA9xCwnsmnQdPkZSCFbpqqoTHA8keQh3jK1PSNMaHuWzRjhJ9Va/dlo
ng+CZQOwzxp/5k8xP0cG9svk4lQtwixubR06zGygEQC3aEoRmyEIxdT/y2m4bhO0
bUzM+lTVxCcBpLXWbWhDM1e9/eAmCU1HlySIXRJfIgLfPDP9+JNz8FNwcDvQicGV
E7S8m3YBm/DcszwNeI8347bhUh29A2ZSv0H+XGQo3nVr6/jTaZqnm487BXRyfGo/
tm6iKvqk6OwxnJzax+fzPmbwaPO21BwOLna4UzAU9rA2oHFCmye2TNGLj5Hzrj4W
fcTiEH91Wa9fkqnlLsdxHLF1doIQv9GAHsQVjBsJp86aTSYrkdmUicGbQWbW/+/+
ysqE3BBFSKZoK65bsTtv0ud5tdHxhqHEPgH9dmU0uIOPWTszcJjRe3m3CBx3SWpc
O9n5kotUtleEXzZcXHDQaxnc94iqU2foL/rIrQMpBF84DKUpT4OafJpBTlc/KS83
EwKBBgDckRPvPstzjuc00USOvw5h0+Rge2QS5nkUzDg9jvXg3/iFz1pr69ULz7C6
f/nDYq33Jzvwv01X2Ib5K7EvxdprPzjZZ8wnu31OKOEVp3FpGGETss2MvfTr839s
eYUvpPwhLk9DJ27bfI1feJ2kyPceupp78Fabny6Q76FjqfZQ5oGXZAc9GIBCeHuK
6ZkNcup7BV23Up+xvOMe0eu7yKLwgTkQt3O7E3lz6gKGFovO4hmv8hCkxxOmq4sk
9kF11scGAO85sgi9CBvriecUDzfTIcjy4ZvyiP+b0mUJab/d1+XSjnVO7WTe4cO9
611GGm9OjfnT+SYLalTOz+07j71NoFzFe6Fa0pSiOgal/x74NZ9rNUicwgk94sh6
S7i/GzeEjHk3l/HJzpsQkW8kIF3E1SxP5Jck1cI5hVkq5ahvek+LDfEJUc0f2yNn
LhL5O2rGL6iNY/GR0fAph0aZdu7A685rdAgWFBO0oDaKsf9K3WybtMA70rR57luV
p6Ph8smDbQYAtdJgJ9ik39QVzLQ4+8HogMxyNwT0Jlu9OHRl6ZWA1khU8tly4qrp
efgxkse67iWMS/Qg9JTMs+gjXu7N1NcCQ8kdjA/i+ubIXmdZoEFt/UoQSJDbE2Qo
/rRD/iBp3AqBASzQSvOb7WPNwiVpDCTBFAksWoZdy83ryOQOJ0l23ymVuXPHcUo8
3u+3F+1RLUeymRfL9F9ub9Mxb7gDm9J/desA+foA7IP1PXkvbk6jNzI19QDJCyit
J8jSbhrMdM2m8BGJA2wEGAEKACAWIQSr66qzliL3ENISbFrtFozJ6fFuCAUCYfO/
sQIbAgHACRDtFozJ6fFuCMD0IAQZAQoAHRYhBN2MYC7MYA88a5ruMVDfCQhOeANj
BQJh87+xAAoJEFDfCQhOeANjDQEL/0e3sMScBCS71Pxw5We3kc6PrH1CUFrQUCF9
UgoRJo3a4iXXJgCr1+sAmEnXX0u1FBwnSutURnA9mnqgo0K3ks+7AoBCjETRFsMR
G5KJJcbWiWYIIg7UXaWFbFCXYHImwMJGN7Vfsa4w7E/qmfVT+V4VggefkFr/w8SU
wEHnbAeK1DdyZ0lN8m4f4YzgD2iShgijb7AnyW9sIZ3OP3WS+bnqkCKloDeBISwi
uTvnlR/f6TzwFr/VabU8/SMXRJX1HDfeHdd7YTtWiYvva3xszYK5Dp1dyoz3AxSb
tP2Gt3rm6rVRzvQ+aWzgr8Spa8ZUkoW1BTn0M4jCQA5BlsJvlMYtIvqs/HmDWfk/
FU4m5xDO0KJuVAELcoWgXU2IvKcsrTIbDyn8myt93qEjFNMXfdhtHhPNldv7QgSe
RS17ckjxiOnZbBBLSh0MoApCBXxt3r6llyBnF3i0h+81D0m/hwC9hdph2LEwR4sQ
CFY0XS/bSNCOY+qXLjd/K2W1WL7n1CKlC/9XX3aEMudmvxmuHnq/EIfKwLc2R1Sr
E8XPzys+3mpONclKJ8nZImJqJh/fhZ1Gpg1czwJHcLaCIc9AOpduoGoUdDsjmhAA
kIqMe8mIgfvESbqCsIJCK1s9cDDDzngtUQ1mqTyfI9/kC/cqcLzC5O6ARORWd9ix
GyEy9tmX/+5vqThUNjFf1dMgU42qPSTVrPKfTok9uTtq2Oz4z3PQ4L2yiPPkVGzM
e2JVisaWRWpMY6kArp4mLpV+upl470PxEk+4ZjDoY9HAB1oo5D28hF/ChaBU9dRC
lrtVFQpHNEL0ZUwAOTB1muaJz/+D9wCyvAXxSbAOo3xpNHeb2Gz/lV0n2Tr+KUYH
0UH+ldLBV/K8fCulTq73hCjnkJeZKa8fL+LCja35QT8oz3ERU6b8rBe9hhRZfTCL
Xf56h2UlKVd3t927agP9tEEfdRwgO54nOW2VliAASpLazWd8iTv379PDoOdL9Zdw
GYSw3CVUj5PoxCUs4j4z3cMel6kp30vyFbudBVgEYfO/vwEMALunZ4mfbVRpbXWy
dzMC9VU7YYptwwU50ifJEnCKrBD3LL2Jn76jNnkxx0I2OOdN3ysUIEadN8I93eSq
R2m5h3u4r9FK3dU+CG6Ss6gcn2t0nBcYH02Dj5VJwwMPrCl1l0dGHurPzJMS6eZU
pjl0r6yVjNx5fszJJzyLryo58BsrcTZmOSN+SF9QQ/S39k8cxFIOF/dCdxsmzwKO
XFFzVOYc3jkpWH9/TPYXFKxxs8wUDQxIvAAE49yQccRpIh/4pgiiHXbzMvVionwx
s8f0gOdvJLyN2ZZLYr6TUpahzy4buIMGR0wOEdqhe/9T6ZfcmENSrLp73dbURabi
kGQpi5tM0GT72qtJwU/2RzYlIBlCPggS1PvUiq6S7s5C2fKeUi/OZSAuAuMEG7xY
gIEB2juTm08cKIU3/eU2MZO43VbMvdAtpBHVnzW6a4AxHJRpfgZFZp5uHxIKr/Dy
xI8a7qV1GIi8485FL4WDE77jLY8zadL5wju7oDV47KK4W1fGYQARAQABAAv9EN39
e7yRjHCUhuuFdNebey+E9zch/C6EEhDsACMqz7ST+C5uZimP/ClKBozOpRXWDS54
Lziy+hnq/8KBfEKRp8CERyzyTxhOFDhJ/z6hYrx+ykGgEKzWY14Xsgb+29QmxqCK
J2OJuR+OWCZ8MXZoUvw3RtsB14DuLq5EjqhaCWsoeDIMiUDw2uZhUVYWxOoqSFDd
fRtjjtR4b3uh1y1lcHCgVeV+P6mO3qDY+h4XQez8dkH0ahEGdT0jiLrFdze3d12R
wftMTesUzKjlLB+4pB0ZZEWny7vfLScGYYA97229c9sOHMr3jvylnvhcNpBSQZSL
53glqy67/8SeGlOTLCkUx9/sZniOhgu3K/w5bZb2RHRmbn5IhGtoTErKuEwXFQwe
1y93lOiv4a+cejo0MdZjhBp3/BJzWZG6YEbQ2a359VS5tsHL8s2jxgAg/FdGPsAN
Twe4ZsbUR1d8NInv5OCnUAWPJPd3eg9sNzuBjBr2KwBHkiPPR63yfFgjWoARBgDO
EnrUFQQDj/VDM77HsJooEDirI6qxs/igILOXBGK9cz4WA+PGbQzTd4hF42l5uJMP
n6FFxfktne/fbimQUXVlYdmBjplz8jeMv1J/elUfJserhJYAgJmPf/WOWpCCUPpq
FY6XLujQeByUuDEBnu1+GNUXQELikxTfOYwDOc7RNcS2mt0BqQO7SnN2nKdLoV61
IdKMBK/OpKReI0iS4vZY1JHyMq2D0JfmZl5h1AGrBu9+VWsPC9MlUlWfDwyCVskG
AOkeipzTJ4PIED3y2ZbO6XAw2HldOtDrYRQg6y3e38JcwgTGawv8l48zOcM9c3xS
z4ZX4ajWC81iZMASmCIMwgLuPLdlHbzCf9EtD00UZkVvgWG7ESYrCV97alce8hLM
uTAyMwLh+TDmxIvfiObXUcczHlReOT8mZYpbQdE9hwftfepyMWqcHI4Q0HlFaKDk
bnPsztWaHxKV1fBdMBW45tkf5IwjJPBqpJIiKUqwSmISMhVZA43XmeRNekPasHeG
2QX6AmtewnigjthTCRNACwAfzNIWXhk/u2LxDChZyk0VZvTuSzZfe/DpHKbp28Mi
samvakCLm8Y80lytYQg9GNfwRXjbMC8T6VBOz/amHPkLrq0wvzcZr6ZUo1elZ2J3
xexKJtskBFjMKH8mBkc1FHQYa3egtMP9NMpmLe7tF2EIilUi/OENEUBMmLDsy23R
pFI/jY+N+7j8141ijoJBIxKM+IzWkKp9PW5sHbSxMpNAEUhL+nm7SDpj/pl2kvVW
/t+A0rCJAbYEGAEKACAWIQSr66qzliL3ENISbFrtFozJ6fFuCAUCYfO/vwIbDAAK
CRDtFozJ6fFuCEXVDACbsqV3RsjuEj1/tGrQYOeiCoItlhEpgonADjgF+Ta/YSL9
Zh0Byr5AFaZ1agoP0F/pAxeXTDJFof+ZcWvJvtOLNn+MCnbbzYgixjrIzUVv7VYs
dxodcZ/xlnUeTmYIzTMY9iAZhRjep66KqZz66psh3ZfbecTVkDIBBZuTFzn+n3YU
hYgh3QiN6K+F/s96pNY7dbwdywlXua9/4IIrcHQ7sHwPqU6yceGZdEk1s86k06jG
OH/KzQrCN9KfhvJwbtPxNbTfUB0zm3tXc+F7Z5fMSlbubUIEI0T4/TTT7qVtYXK5
WqFkgvPjhQc1wWdFnvVz3A/LFr6j2GLt2aAG6DNt+rHXuXLu54yL0fYwcs4p4WqE
zhUWo3n1rq0RQTGJRVU36QqNRzEIdHuq/udfyaa5whRmVkE6iitE7TpRMNykpBfB
TV8/+Pyep/Jj4nvwJFgP4m0Zmbi0i6O3IcjI3qWgawk667jGEPwZkk12TrdinmRI
1bQq8B4b/fKIosM++AI=
=8fF7
-----END PGP PRIVATE KEY BLOCK-----

[jdelic]

@LeSuisse

sorry, perhaps I'm missing something obvious. But why would I end up doing key management outside of Vault? Couldn't Vault create a keyring with an "unexportable" certification key, and export me a keyring that only has the subkeys intact? Key operations could then only be done inside of Vault?

[LeSuisse]

OK you want to use the subkeys outside of Vault. That was not how I understood what you want to achieve.

So yes it could likely be done but this PR does do that in its current state. I'm not sure what the advantages are to be honest. In case of a compromise of a subkey you would need to push to the system using the key a revocation certificate. At this point is it not as hard to push a new key and drop the old one?

To be frank I'm not sure this is something I want. I created this plugin to have a solution for situations where there is no other ways than to suffer PGP/GPG (e.g. signing packages for Linux distributions).

[jdelic]

@LeSuisse

OK you want to use the subkeys outside of Vault. That was not how I understood what you want to achieve.

Not just, but it would fit my current use case perhaps even a bit better than what I originally was going for when I wrote #10. Using Vault as the access manager and secure store of the certification key sounds appealing to me. As does using the subkeys through the API. :)

To be frank I'm not sure this is something I want. I created this plugin to have a solution for situations where there is no other ways than to suffer PGP/GPG (e.g. signing packages for Linux distributions).

That's fair. I have been using this plugin in production for a long time to generate and store keyrings for hosts in distributed clusters and it already solves a lot of those use cases.