any reason why the switch? i worked with pgpy and found it quite promising even though development seems to have stalled recently... i dislike pygpgme because it ties back into gpg, which i consider legacy at this point - it brings just too much cruft with it and weird ways of operating...
pgpy is missing a lot of features supported by gpg, and users have reported problems with PGP keys that won't import into meta.sr.ht, or can't be used to encrypt their emails, etc.
right - you certainly will have trouble with ECC keys for example. i guess if you need wider compatibility, you'll certainly have to switch, in the short term, which is too bad becaues you enter a world of API pain. :/
i'm sorry I wish i had better news.
I ran into meta.sr.ht not accepting my PGP key, which uses ECC (ed25519 + cv25519). The interface will simply say:
This is not a valid PGP key
I wanted to suggest potentially using Go, which has pretty solid crypto libraries in the standard library, if you ever plan to rewrite meta.srt.ht. However, after doing a bit of digging it looks like ed25519 is not supported when I look at the PublicKeyAlgorithm type. Other ECC keys are supported though.
It looks like
algo 22for ed25519 (I see this by running
gpg --list-packets mypubkey.asc), which isn't listed in iana here: https://www.iana.org/assignments/pgp-parameters/pgp-parameters.xhtml#pgp-parameters-12
I didn't quite realize I may be out of luck as far as support when I created my key... The idea of running
gpgas a separate process for this piece seems really clunky though. I wonder what the effort would be to update the Python and/or Go library with support for ECC + ed25519 keys.
I didn't quite realize I may be out of luck as far as support when I created my key... The idea of running gpg as a separate process for this piece seems really clunky though. I wonder what the effort would be to update the Python and/or Go library with support for ECC + ed25519 keys.
The problem is that GPG will keep receiving updates... and any other implementation will keep falling behind. GPG isn't a standard interface.