Cannot specify subkey when signing

[nf-brentsaner]

I have a private key with both an ED25519 (256-bit EdDSA, that is) subkey and a 4096-bit RSA subkey.

I see no possible way to specify signing with the ED25519 key, the library just takes the first subkey capable of signing uses the RSA subkey (it seems even if the ED25519 subkey is the first subkey, it still occurs).

How can I specify an explicit subkey to use with a PGPHandle/PGPSign?

[nf-brentsaner]

To reproduce, feel free to use this example test key:

-----BEGIN PGP PRIVATE KEY BLOCK-----

lFgEZo+swhYJKwYBBAHaRw8BAQdAXI1L5Jw+YgFdZklh9SbEN9hFXtF5a0Rq9dzJ
qxIQaJwAAP47TpAuq8FE9Su0D7PngSes2cCp5WQ6coI3X4Fpz8eDXBF0tC1UZXN0
aW5nIEtleSAoVGVzdCBDb21tZW50KSA8dGVzdEBleGFtcGxlLmNvbT6IkwQTFgoA
OxYhBGFIuNpZZVURV6rMzjC+1sWu+T3iBQJmj6zCAhsDBQsJCAcCAiICBhUKCQgL
AgQWAgMBAh4HAheAAAoJEDC+1sWu+T3iHWgBAMYY34j83NNQ2i/BhuiNizvljvzy
/glnLZyi+gdg2SEDAP9xVsuPVxUZnmErDGBc2gWNYeuY8SBTSOlAYr6RwWaUBJxd
BGaPrMISCisGAQQBl1UBBQEBB0BuikD6c21S4Nj/DqLe2Bjx3iIKFBl1jmC3zNBB
6kPvbQMBCAcAAP9ORnbLuWJihvT0sCVNrtlHyR+dyFVBVfUJziyKhxap0BF/iHgE
GBYKACAWIQRhSLjaWWVVEVeqzM4wvtbFrvk94gUCZo+swgIbDAAKCRAwvtbFrvk9
4iCVAQDql8EXYbK9H6xENpNpGWrYy0KSRBZyc2AIO5sSwLj52wD+PQ13ullQbtT7
DWczRC6ztnPvzne+GxmEqyy3KoM3XQadBxgEZo+s4AEQAJ3hHjF/r0R719oyGIp/
Jmby5+9v9UYGo3YwLRRluMo3rPF1YBvMWOx1eNlIAHcGp3A9ATP+SVfLsJt9Wj1P
6NVFyGzXEeUhIhJNvdLEIzDgT4YXlwcFa9DPLrNVmovy78P+NkgZwcc34046fD/c
tLpbX4j4bic3cEQOeZ3S7GdZPT3IsH9rtjLR2gO5N0DF3Pp2hGH2RSg6mnZVtDmo
oftmNeIX97qobgPr8SWh4JuDu/GPFB5lDo1DpFOP1LUoE7lZ7l55qKm65o1sSa1Q
JLKeRiGoOzzmlzHTzJXRNoZOmR7hNrr+SmQ0GLVBKPQ6/hqRJx5dJT0gtl75RpzA
weKIt3u06WoZf8B+eC5cMhJg3Lk0tH3uwZeysNNaKkMVHkWglmHFR0tZfEwpCAPf
vOw5JdZhHQ1SRTVhWu6caBCuvw1GGm6OoVDNpeeZkoLxI1K8bLiECeFHIMkGeEKS
omsnuM3zqKCONKcTi5nh9OQhgr0lNboWF2MWyFTidZ9twT1m+cuu9gOrW7G3n4Hl
+bhyjNvx7qk+18W9Ol68l/IAtoybJ8ZL7thxj6vMq6Rw3wYJgRGR+xVKWJmYLBRn
9POmFP8HUE5APZD9URZovn79AdNdWNd2pvmr53/xOLOzUqxnHnAMpg7aBXSqGBKk
B48N+hwr9y0GTB07ZREWv3j/ABEBAAEAD/9GLjZ6QWybUEPk+gTft+LNu6evT4Dj
1nqeRI8ddJRey74Efa0x3jYfMp78U13lix8uLOgWgTCAJwsEK4ZMH/P7rjAIddg+
Furq4QUDJm4QQX4IOP9JPzcslJSJYoG3OVAsuxnNFioGEUlpUmU+DDGIb6q5m9l3
dFTi495a8lJlJI2tI8OVeL9+ursjkZdGo032Rm3VkCAw4FAeTz20rcoHk2lbblUQ
c+OnuZ+yH1HVP4txtyz1z+1WjV2ESbj/qGeQKrJj68e2X18yOZNMyAXwIpxBROPE
UCqgmypj5KLMtC6rw+hM2lIeVewv0l3Op1SiYajWfghaMmrvL/ccIjFs+49xy261
4wR3Yz9oieaiWPnhhpmSa034sO0RVWrQ3SmXtyiVp9O7zFAYMI9zHNOpmw896gnu
fMgVzeCFdYcfVkoJlfUHL011EDQY7cEVv/j7FLxIBweakQ79Tp0ddqNLvTQ/LHk4
B31dMBBUWvQQENtoa+9uFW8Z61vLz7BvYZYu5kizPZghzUkinkZz5A4wDlgIwaBH
+GB5H8xx7H4cqjdWMxIUjoxzm8O7h/F0eOl95IZq/1DHbrdv0GJolpz7FttZ6vTX
fUO9/w++UEkpeiyyE9iH1TIOSUOq4O9rX7vsE3ZTg02SxX9TgPf1Qb/zgQrbacnT
ngsxBZgw2mwRKQgAwtSQVMshAvtgOaiJGwACrWIgEs2bl7NtWK4ogAGXljWpBMFJ
/7IjM1tisRgLbd3bL1SYa82ETUDWzNSBSUu38OA34lZEhY9othvMvTYiF+FZ7mNo
hWRr394oJBfLrtyoTVkuZW2aXob6PpOWdd+o9Ph3X5iJTwz845r6Bd9RAvFObz44
578kwBJndl56s/WEao36Ktt9g0L8r+4JSUKu079IZfr1X2mmDjxPuyS4deps2BUH
UrxB0BeZXppFO2bVnz1U/bGt1WLnuBgei9pROB4nkAv+7dgJaP8tm46aLiE1itBk
Mt7Ai9fXNVeAAgCRpQGD2p83uRHYXIL4CL+TuQgAz3KhZSYpHySsQ9rmU8rqpvxM
/C0zd32gFQo6COk+ff7Ata6xgj/4ZukV21ySqXHwu9kHJgZzLBJ7OADzo+N2XWqP
LZqZL0/GlqO5OZGu0I99Y0Ut0VCvc6VKY33GM/JhZD1gE93PuEnx5/wS6XZ6Jlzf
y4v+TJzIGMF/FoeB9bJ15Qp7/EGlJHU5Q+KeaxXy0KNtAj6otM570RhHimHXGbis
nLBIqQ8fgHvWHHnvSRkaZ0Oqe+F1F3v5HO8KMdX2Kxh0udPSZR9pbVAnq6+wadG4
dbuABD33yzSYZn1h0UxxgpGENgl+AMKP5hsqNcFmYoN2lx0dLQF5qb1C6sM+dwgA
qtNVp5+V5N+k22kPVjqf+wMjOOvy1X/GEZJM7LPGa7FS4xsXKYvaaeQ5rpWD8Ami
idb+EbGnJF22UQlpllW9fqT0Mhwamzh8geuL0FhJZYGexuSRIN8kwq2D6iQZ6fGZ
x+BxZaA1v04adpjQJh0lOr8L/ehazUDBK1WOGLcMrxBA0UXgOoWvKg1+ff+WjI36
5oCqJIRw61fgvZSTk5d9Ce3zGEKJ9qbcMzoUDoOwe9UvW6K5p/QYF0mLo03YZPWx
fcHu7YgQPvXsWqQX6A2Xtax/qbfWkDwpVCSvTdqPp2We3wyj+LpgdV6XSSfqzHPS
334xFznUbsvsXnyVPBd8oXo+iQKbBBgWCgAhFiEEYUi42lllVRFXqszOML7Wxa75
PeIFAmaPrOADGw4EAizBaiAEGQEIAB0WIQTvVw1nMsOz3JJYnfgXe/JH1tvjPQUC
Zo+s4AAAU+cP/1/Xz/2Qh6s+naIK/CF2/1wu3+7mLf7xI7E67fjf+rvRGNxOIHJp
eepO/xe7ME2Jz7gasy8fk1Zo60CLM9efaf4XYx+nt3IvfJsASKInZxb2uFsL2wnf
ypLT2NVpClydRBoGIK7tjK4L3OAL18iTAljNvkyl7kwkog7J2kdP9Rrq2RYM5CSL
qSczJ9Z8x/qVM5S6+J9+gdpWeG0gzVfAZrffXyEU/xTdsbKTI7LSR204RFYwncco
au0oaaD52n2ooZr+FORBymu6d1cEiAjwoj3gjd+seAQgRqFxonJUNs3oB9Yagf8Z
qAalXOq/8XcvkrNCShfk8Rp6pI9gWdFZEKRkQf1WJIKxpt10J0D0tdO5XPwjRoYQ
8ciTrImlTEVyleg8JyYIUCGBjD5NO6AyBw4Pl1aLScGNTKwqufycr3+tqiB2qOci
NFwu8pXH3N8QHTm7e/u7r+mG84bduM/KMYz2LgTdtLfDW0hWEJBvZgNjjRwpsfyr
G0EIhl8w/ymVGyc1G463mo+7aXIaWD9bU/HlHWMMg2lcsVPbxqTAzz5PJWsA1xBS
EjmDncLPN0ZSS5m2UIN8tRwRncAz54C2tlqDgWwfSZH16KDHZjirufG9WX0k+SbY
71vvEBMs82nI62rxptiBgAdg698+HxQY7nhHIASnxuZL3VAlu2+YDgAwXIUBAJkp
Iedldlr2LVzgn5Wp3FvuRXMPf/w4I61X+Pnj3BbZAQDSi6G5j+uO/+I36Lwthpbc
P6T+rhZnTCrz6jyw3fwwDw==
=Bar9
-----END PGP PRIVATE KEY BLOCK-----

This can be done via the CLI with:

gpg --detach-sign --sign-with 30BED6C5AEF93DE2! ...  # ED25519 subkey
gpg --detach-sign --sign-with 177BF247D6DBE33D! ...  # RSA4096 subkey

[lubux]

Hi 👋

GopenPGP currently does not support the specific selection of signing sub-keys and relies on the automatic selection process of the underlying forked go-crypto library. Nevertheless, go-crypto does support this feature via the config.

If you need this feature, I would suggest to either use the lower-level library or create a pull request for GopenPGP.

[nf-brentsaner]

🤦🏻 Skipped right over that. I must have looked at packet.Config at least half a dozen times and it never mentally parsed. Thanks!