Consider an OpenPGP secret key that uses a form of secret key encryption that is unknown to gosop.
Even though gosop can't use the secret key, i'd expect it to be able to transform it into a valid OpenPGP certificate.
However:
0 dkg@alice:~$ cat test.key
-----BEGIN PGP PRIVATE KEY BLOCK-----
xTQEZgWtcxYJKwYBBAHaRw8BAQdAlLK6UPQsVHR2ETk1SwVIG3tBmpiEtikYYlCy
1TIiqzb8zR08aGFyZHdhcmUtc2VjcmV0QGV4YW1wbGUub3JnPsKNBBAWCAA1AhkB
BQJmBa1zAhsDCAsJCAcKDQwLBRUKCQgLAhYCFiEEXlP8Tur0WZR+f0I33/i9Uh4O
HEkACgkQ3/i9Uh4OHEnryAD8CzH2ajJvASp46ApfI4pLPY57rjBX++d/2FQPRyqG
HJUA/RLsNNgxiFYmK5cjtQe2/DgzWQ7R6PxPC6oa3XM7xPcCxzkEZgWtcxIKKwYB
BAGXVQEFAQEHQE1YXOKeaklwG01Yab4xopP9wbu1E+pCrP1xQpiFZW5KAwEIB/zC
eAQYFggAIAUCZgWtcwIbDBYhBF5T/E7q9FmUfn9CN9/4vVIeDhxJAAoJEN/4vVIe
DhxJVTgA/1WaFrKdP3AgL0Ffdooc5XXbjQsj0uHo6FZSHRI4pchMAQCyJnKQ3RvW
/0gm41JCqImyg2fxWG4hY0N5Q7Rc6PyzDQ==
=3w/O
-----END PGP PRIVATE KEY BLOCK-----
0 dkg@alice:~$ gosop extract-cert < ./test.key
extract-cert: gopenpgp: error in reading key ring: openpgp: invalid data: first packet was not a public/private key
99 dkg@alice:~$ gosop version --extended
gosop 0.1.0
GopenPGP 2.7.5
Compiled using go1.21.6
0 dkg@alice:~$
(this example was drawn from a proposed test vector for the hardware-secrets draft, but a similar situation likely applies for any unknown secret key encryption format (maybe even for AEAD for secret keys as described in the crypto-refresh, but i haven't tested it yet))
Consider an OpenPGP secret key that uses a form of secret key encryption that is unknown to
gosop.Even though
gosopcan't use the secret key, i'd expect it to be able to transform it into a valid OpenPGP certificate.However:
(this example was drawn from a proposed test vector for the hardware-secrets draft, but a similar situation likely applies for any unknown secret key encryption format (maybe even for AEAD for secret keys as described in the crypto-refresh, but i haven't tested it yet))