gosop cannot extract an OpenPGP certificate from a Transferable Secret Key with unknown secret key encryption mechanism

[dkg]

Consider an OpenPGP secret key that uses a form of secret key encryption that is unknown to gosop.

Even though gosop can't use the secret key, i'd expect it to be able to transform it into a valid OpenPGP certificate.

However:

0 dkg@alice:~$ cat test.key 
-----BEGIN PGP PRIVATE KEY BLOCK-----

xTQEZgWtcxYJKwYBBAHaRw8BAQdAlLK6UPQsVHR2ETk1SwVIG3tBmpiEtikYYlCy
1TIiqzb8zR08aGFyZHdhcmUtc2VjcmV0QGV4YW1wbGUub3JnPsKNBBAWCAA1AhkB
BQJmBa1zAhsDCAsJCAcKDQwLBRUKCQgLAhYCFiEEXlP8Tur0WZR+f0I33/i9Uh4O
HEkACgkQ3/i9Uh4OHEnryAD8CzH2ajJvASp46ApfI4pLPY57rjBX++d/2FQPRyqG
HJUA/RLsNNgxiFYmK5cjtQe2/DgzWQ7R6PxPC6oa3XM7xPcCxzkEZgWtcxIKKwYB
BAGXVQEFAQEHQE1YXOKeaklwG01Yab4xopP9wbu1E+pCrP1xQpiFZW5KAwEIB/zC
eAQYFggAIAUCZgWtcwIbDBYhBF5T/E7q9FmUfn9CN9/4vVIeDhxJAAoJEN/4vVIe
DhxJVTgA/1WaFrKdP3AgL0Ffdooc5XXbjQsj0uHo6FZSHRI4pchMAQCyJnKQ3RvW
/0gm41JCqImyg2fxWG4hY0N5Q7Rc6PyzDQ==
=3w/O
-----END PGP PRIVATE KEY BLOCK-----
0 dkg@alice:~$ gosop extract-cert < ./test.key 
extract-cert: gopenpgp: error in reading key ring: openpgp: invalid data: first packet was not a public/private key
99 dkg@alice:~$ gosop version --extended
gosop 0.1.0
GopenPGP 2.7.5
Compiled using go1.21.6
0 dkg@alice:~$ 

(this example was drawn from a proposed test vector for the hardware-secrets draft, but a similar situation likely applies for any unknown secret key encryption format (maybe even for AEAD for secret keys as described in the crypto-refresh, but i haven't tested it yet))

[twiss]

This is essentially an issue in go-crypto, as it can't read the key. I've recorded this in ProtonMail/go-crypto#250.