x/crypto/openpgp: ReadEntity does not initialize preferred hash and cipher functions for Entity's Identities' Signatures

[Geo25rey]

What version of Go are you using (go version)?

$ go version
go version go1.15.3 linux/amd64

Does this issue reproduce with the latest release?

Yes

What operating system and processor architecture are you using (go env)?

go env Output

$ go env
GO111MODULE=""
GOARCH="amd64"
GOHOSTARCH="amd64"
GOHOSTOS="linux"
GOOS="linux"
GOPROXY="https://proxy.golang.org,direct"
GOROOT="/usr/lib/go"
GOSUMDB="sum.golang.org"
GOTOOLDIR="/usr/lib/go/pkg/tool/linux_amd64"
GCCGO="gccgo"
AR="ar"
CC="gcc"
CXX="g++"
CGO_ENABLED="1"
GOMOD=""
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -m64 -pthread -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build141547726=/tmp/go-build -gno-record-gcc-switches"

What did you do?

https://play.golang.org/p/XFv3i4jyLco

What did you expect to see?

Encrypt function to try the passed in config first OR the Entity created by ReadEntity to contain its preferred hash and cipher functions.

What did you see instead?

Encrypt function uses its default hash and cipher functions regardless of passed in config or entity.

Possible Solutions

In order from most probable/possible to least probable/possible solution:

[1] Change ReadEntity so that it initializes preferred hash and cipher functions for its Identities' Signatures since that data isn't serialized (openpgp/keys.go:417)
[1.5] Change Signature.parse so that it can infer hash and cipher prefferences (openpgp/packet/signature.go:108)
[2] Change Encrypt so it checks what the actual hash and cipher functions of the passed in entity are rather than just guessing (openpgp/write.go:295)
[3] Change Signature.Serialize so that it includes hash and cipher preferences (openpgp/packet/signature.go:599)

Edit: Added solution 1.5

[gopherbot]

Change https://golang.org/cl/267077 mentions this issue: openpgp: Fixed failure to encrypt data using deserialized Entity

[toothrot]

/cc @FiloSottile

[Geo25rey]

@toothrot @FiloSottile The issue is that Signature.PreferredHash != Signature.Hash when deserialized. Also, the algorithm for choosing a compatible hash algorithm in Encrypt was too strict when the passed in config explicitedly states the correct algorithms to use. My PR golang/crypto#163 fixes this with a test to prove it.

[FiloSottile]

Per the accepted #44226 proposal and due to lack of maintenance, the golang.org/x/crypto/openpgp package is now frozen and deprecated. No new changes will be accepted except for security fixes. The package will not be removed.

If this is a security issue, please email security@golang.org and we will assess it and provide a fix.

If you're looking for alternatives, consider the crypto/ed25519 package for simple signatures, golang.org/x/mod/sumdb/note for inline signatures, or filippo.io/age for encryption. You can read a summary of OpenPGP issues and alternatives here.

If you are required to interoperate with OpenPGP systems and need a maintained package, we suggest considering one of multiple community forks of golang.org/x/crypto/openpgp. We don't endorse any specific one.

Thank you!