Reputation: 21
I am working on a project that requires key management (creation of secret, public and subkeys) and using them to perform cryptographic operations.
I have tried a POC on PGP subkey creation with Bouncy Castle and tried to perform cryptographic operations with it.
Following are the observations –
Please help me understand how subkeys can be used in cryptographic operations with Bouncy Castle. It would be more helpful if anyone could provide me code for the same.
Upvotes: 2
Views: 612
Reputation: 649
This person asked here as well: https://github.com/bcgit/bc-java/issues/755
Answer (from there):
It is possible to add new certifications to an existing key. For example PGPPublicKey#addCertification can be used to add a new signature. This can be used to "add" new sub-keys. A sub key is nothing more than a key which has some signature signed by the master key. You do not add sub keys to a secret key. You only need the (master) secret key to create a certification that a key is a sub key. A document encrypted with a sub-public key can be decrypted with the sub-secret key.
and a follow up:
When decrypting a message, you just have to supply the (sub) key which the message is addressed to during decryption.
Upvotes: 0
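The flow described in the answer above, as an added example that is not from the original posts or from the Bouncy Castle project: a master key certifies a subkey, a message is encrypted to the public subkey, and the recipient decrypts it with the secret subkey whose key ID the message names. The class name, passphrase, user ID and message are constructed sample values; the code assumes the bcprov and bcpg jars on the classpath and Java 9 or later.

```java
import java.io.*;
import java.security.*;
import java.util.*;
import org.bouncycastle.bcpg.HashAlgorithmTags;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openpgp.*;
import org.bouncycastle.openpgp.jcajce.JcaPGPObjectFactory;
import org.bouncycastle.openpgp.operator.PGPDigestCalculator;
import org.bouncycastle.openpgp.operator.jcajce.*;

public class SubkeyRoundTrip {   // hypothetical class name
    public static void main(String[] args) throws Exception {
        Security.addProvider(new BouncyCastleProvider());
        char[] pass = "constructed-passphrase".toCharArray();          // constructed sample value
        byte[] msg = "constructed sample message".getBytes("UTF-8");   // constructed sample value
        // Master key plus one subkey; addSubKey() has the master key certify the subkey.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA", "BC");
        kpg.initialize(2048);
        PGPKeyPair master = new JcaPGPKeyPair(PGPPublicKey.RSA_GENERAL, kpg.generateKeyPair(), new Date());
        PGPKeyPair sub = new JcaPGPKeyPair(PGPPublicKey.RSA_GENERAL, kpg.generateKeyPair(), new Date());
        PGPDigestCalculator sha1 = new JcaPGPDigestCalculatorProviderBuilder().build().get(HashAlgorithmTags.SHA1);
        PGPKeyRingGenerator gen = new PGPKeyRingGenerator(PGPSignature.POSITIVE_CERTIFICATION, master,
            "demo@example.invalid", sha1, null, null, new JcaPGPContentSignerBuilder(PGPPublicKey.RSA_GENERAL, HashAlgorithmTags.SHA256),
            new JcePBESecretKeyEncryptorBuilder(PGPEncryptedData.AES_256, sha1).setProvider("BC").build(pass));
        gen.addSubKey(sub);
        PGPPublicKeyRing pubRing = gen.generatePublicKeyRing();
        PGPSecretKeyRing secRing = gen.generateSecretKeyRing();
        // Sender: pick the encryption-capable subkey from the public ring, not the master key.
        PGPPublicKey encKey = null;
        for (Iterator<PGPPublicKey> it = pubRing.getPublicKeys(); it.hasNext();) {
            PGPPublicKey k = it.next(); if (!k.isMasterKey() && k.isEncryptionKey()) encKey = k;
        }
        ByteArrayOutputStream lit = new ByteArrayOutputStream();
        try (OutputStream o = new PGPLiteralDataGenerator().open(lit, PGPLiteralData.BINARY, "msg", msg.length, new Date())) { o.write(msg); }
        PGPEncryptedDataGenerator eg = new PGPEncryptedDataGenerator(
            new JcePGPDataEncryptorBuilder(PGPEncryptedData.AES_256).setWithIntegrityPacket(true).setProvider("BC"));
        eg.addMethod(new JcePublicKeyKeyEncryptionMethodGenerator(encKey).setProvider("BC"));
        ByteArrayOutputStream enc = new ByteArrayOutputStream();
        try (OutputStream o = eg.open(enc, lit.size())) { o.write(lit.toByteArray()); }
        // Recipient: the message carries the key ID it is addressed to; look up that (sub) secret key.
        PGPEncryptedDataList list = (PGPEncryptedDataList) new JcaPGPObjectFactory(enc.toByteArray()).nextObject();
        PGPPublicKeyEncryptedData pked = (PGPPublicKeyEncryptedData) list.get(0);
        PGPSecretKey subSecret = secRing.getSecretKey(pked.getKeyID());
        PGPPrivateKey priv = subSecret.extractPrivateKey(new JcePBESecretKeyDecryptorBuilder().setProvider("BC").build(pass));
        InputStream clear = pked.getDataStream(new JcePublicKeyDataDecryptorFactoryBuilder().setProvider("BC").build(priv));
        byte[] plain = ((PGPLiteralData) new JcaPGPObjectFactory(clear).nextObject()).getInputStream().readAllBytes();
        // Check the integrity packet, the plaintext, and that a subkey (not the master) did the decryption.
        if (!pked.verify() || !Arrays.equals(plain, msg) || subSecret.isMasterKey()) throw new IllegalStateException("round trip failed");
        System.out.println("decrypted with subkey " + Long.toHexString(subSecret.getKeyID()));
    }
}
```

The master secret key is used only inside addSubKey() to certify the subkey; decryption needs only the secret subkey and its passphrase.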