
I wrote a Go function to encrypt a string using a public DSA key. I understand DSA keys are meant for signing, but command line encryption seems to be working fine with the DSA key. I wanted to check if openpgp or any other crypto package in Go can be used to encrypt using a public DSA key. Here is the code I wrote using this example:

    import (
        "bytes"
        "context"
        "encoding/base64"
        "errors"
        "io/ioutil"
        "log"
        "strings"

        "golang.org/x/crypto/openpgp"
    )

    //encrypt data
    //TODO: Change to io.Reader io.Writer interface
    func EncryptData(ctx context.Context, fileBuffer string, KeyName string) (string, error) {

        var entityList openpgp.EntityList

        //get private key from Google secrets manager
        signingkey, err := GetSAKey(ctx, KeyName)
        if err != nil {
            return "", errors.New("ERV003: Error accessing private key from secrets manager : " + err.Error())
        }

        //get ascii armored keyring
        entityList, err1 := openpgp.ReadArmoredKeyRing(strings.NewReader(signingkey))
        if err1 != nil {
            return "", errors.New("ERV005: Error reading GPG private key : " + err1.Error())
        }

        buf := new(bytes.Buffer)
        w, err := openpgp.Encrypt(buf, entityList, nil, nil, nil)
        if err != nil {
            return "", errors.New("ERV006: Error encrypting file data : " + err.Error())
        }

        // Check the write error instead of silently overwriting it
        _, err = w.Write([]byte(fileBuffer))
        if err != nil {
            return "", err
        }

        err = w.Close()
        if err != nil {
            return "", err
        }

        // Encode to base64 (variable renamed so it does not shadow the bytes package)
        encBytes, err := ioutil.ReadAll(buf)
        if err != nil {
            return "", err
        }
        encStr := base64.StdEncoding.EncodeToString(encBytes)

        // Output encrypted/encoded string
        log.Println("Encrypted Secret:", encStr)

        return encStr, nil
    }

I am getting the below error:

    openpgp: invalid argument: cannot encrypt to public key of type 17

This works fine with RSA keys. But my requirement is to use a DSA key.

  • Querying a popular internet search engine for the exact error text you mentioned brings [this](https://github.com/golang/go/issues/12153#issuecomment-229998750), which reads «Perhaps not germane to this issue, but the error might be more useful if it indicated that DSA keys cannot be used for encryption, only signing.» See also [this](https://crypto.stackexchange.com/a/2586). – kostix Jun 23 '20 at 17:09
  • Go documentation says Entity.Subkeys can be used for encryption. I see the DSA Key has a subkey. How can I use it for encryption using the openpgp package? Link: https://pkg.go.dev/golang.org/x/crypto/openpgp@v0.0.0-20200622213623-75b288015ac9?tab=doc#Subkey – Ashish Dhandharia Jun 23 '20 at 23:29
  • Go documentation is not necessarily correct because the writer might have thought about keys of types other than DSA when they were writing it. [This thread](https://crypto.stackexchange.com/questions/52982) provides more background on what "DSA encryption" might mean in the context of PGP (be sure to read the comments as well). It hints that you might get away with generating a subkey of the DSA key suitable for encryption using ElGamal which, as I gather, uses the same "math" as DSA. ElGamal [is supported](https://godoc.org/golang.org/x/crypto/openpgp/elgamal) by the package you're using. – kostix Jun 24 '20 at 09:32
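
The "type 17" in the error is the OpenPGP public-key algorithm ID for DSA (RFC 4880, section 9.1), and the comments turn on whether the key carries a subkey of an encryption-capable type such as ElGamal (ID 16). The following is an added example, not code from the question or from the openpgp package: a standard-library-only walker that lists the algorithm ID of the primary key and each subkey in a binary (de-armored) key. It handles old-format packet headers only, and `KeyAlgo`, `ListKeyAlgos` and the `sampleKey` bytes are constructed for illustration.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// KeyAlgo is the public-key algorithm ID (RFC 4880, section 9.1) of one key packet.
type KeyAlgo struct {
	Subkey bool
	Algo   byte // 1 = RSA, 16 = ElGamal (encrypt-only), 17 = DSA (sign-only)
}

// CanEncrypt reports whether a session key can be encrypted to this algorithm.
func (k KeyAlgo) CanEncrypt() bool { return k.Algo == 1 || k.Algo == 2 || k.Algo == 16 }

// ListKeyAlgos walks a binary (de-armored) OpenPGP key and returns the algorithm
// of each version 4 public key (tag 6) and public subkey (tag 14) packet.
// A v4 key packet body is: version (1 octet), creation time (4), algorithm (1).
func ListKeyAlgos(data []byte) ([]KeyAlgo, error) {
	var out []KeyAlgo
	for len(data) > 0 {
		hdr, n := 0, 0
		tag, lt := data[0]>>2&0x0f, data[0]&3 // old-format tag and length type
		switch {
		case data[0]&0xc0 != 0x80 || lt == 3 || len(data) < 1+(1<<lt):
			return nil, errors.New("unsupported or truncated packet header")
		case lt == 0:
			hdr, n = 2, int(data[1])
		case lt == 1:
			hdr, n = 3, int(binary.BigEndian.Uint16(data[1:3]))
		default:
			hdr, n = 5, int(binary.BigEndian.Uint32(data[1:5]))
		}
		if n > len(data)-hdr {
			return nil, errors.New("truncated packet body")
		}
		if body := data[hdr : hdr+n]; (tag == 6 || tag == 14) && n >= 6 && body[0] == 4 {
			out = append(out, KeyAlgo{Subkey: tag == 14, Algo: body[5]})
		}
		data = data[hdr+n:]
	}
	return out, nil
}

// sampleKey is constructed: DSA primary key, user ID, ElGamal subkey (key material omitted).
var sampleKey = []byte{0x98, 6, 4, 0, 0, 0, 0, 17, 0xb4, 1, 'a', 0xb8, 6, 4, 0, 0, 0, 0, 16}

func main() { fmt.Println(ListKeyAlgos(sampleKey)) }
```

A key whose list contains no entry with `CanEncrypt()` true has nothing a session key can be encrypted to, which is the condition behind the error in the question.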
