IssuerKeyId criticality and unsupported implementations

[caarlos0]

In v1.1+ (#208), the issuer key ID subpacket was made critical again (reverting #175).

RPM 4.16 (used in centos 9, fedora 34, ...) does not support it. Seems to be fixed in 4.17+.
FWIW Centos 9 EOL is set to 2027-05-31.

Is it possible to set it back to false? Does it need to be true? Can we make that optional somehow?

see:

• Unify key generation self-signature #208
• fix: IssuerKeyId non-critical #175

[twiss]

Apologies for the regression. The reason this was changed was for consistency with OpenPGP.js, although we could theoretically change it in both. I don't think it really makes sense for this to be an option, though. Perhaps, would it be an option for you to use a fork/patch that reverts this, instead?

[caarlos0]

yes that's a valid option as well, but it always feels a bit sketchy to use a fork of crypto lib I think, so I would like to avoid it if possible...

[wxiaoguang]

We also experience the regression in Gitea's RPM package registry. Why issuer key ID must be critical? Looking forward to a clear solution.

[caarlos0]

PS: opened #266

not sure if we can just do that, but given it was like that for years before, I imagine we can?

[wxiaoguang]

@twiss any update (and for #266)? And maybe there could be some tests to avoid regressions?

[caarlos0]

any chance we could get another look at/merge this?

[twiss]

Hi 👋 Sorry for the delayed response.
If you have time, could you please make an equivalent PR for https://github.com/openpgpjs/openpgpjs as well? That would make this go faster as we would like to keep the behavior consistent between the two libraries. Otherwise I can do it as well at some point.
Thanks, in any case!