Allow generation of keys with empty key flags.

Forbid certification of thirdparty certificates if CERTIFY_OTHERS flag is missing

pgpainless-core/src/main/java/org/pgpainless/algorithm/KeyFlag.java

@@ -18,7 +18,7 @@ import org.bouncycastle.bcpg.sig.KeyFlags;
 public enum KeyFlag {
 
     /**
-     * This key may be used to certify other keys.
+     * This key may be used to certify third-party keys.
      */
     CERTIFY_OTHER  (KeyFlags.CERTIFY_OTHER),
 

pgpainless-core/src/main/java/org/pgpainless/exception/KeyException.java

@@ -67,6 +67,13 @@ public abstract class KeyException extends RuntimeException {
         }
     }
 
+    public static class UnacceptableThirdPartyCertificationKeyException extends KeyException {
+
+        public UnacceptableThirdPartyCertificationKeyException(@Nonnull OpenPgpFingerprint fingerprint) {
+            super("Key " + fingerprint + " has no acceptable certification key.", fingerprint);
+        }
+    }
+
     public static class UnacceptableSelfSignatureException extends KeyException {
 
         public UnacceptableSelfSignatureException(@Nonnull OpenPgpFingerprint fingerprint) {

pgpainless-core/src/main/java/org/pgpainless/key/certification/CertifyCertificate.java

@@ -280,6 +280,10 @@ public class CertifyCertificate {
             throw new KeyException.RevokedKeyException(fingerprint);
         }
 
+        if (!info.isUsableForThirdPartyCertification()) {
+            throw new KeyException.UnacceptableThirdPartyCertificationKeyException(fingerprint);
+        }
+
         Date expirationDate = info.getExpirationDateForUse(KeyFlag.CERTIFY_OTHER);
         if (expirationDate != null && expirationDate.before(now)) {
             throw new KeyException.ExpiredKeyException(fingerprint, expirationDate);

pgpainless-core/src/main/java/org/pgpainless/key/generation/KeyRingBuilder.java

@@ -19,7 +19,6 @@ import java.util.Map;
 import javax.annotation.Nonnull;
 import javax.annotation.Nullable;
 
-import org.bouncycastle.bcpg.sig.KeyFlags;
 import org.bouncycastle.openpgp.PGPException;
 import org.bouncycastle.openpgp.PGPKeyPair;
 import org.bouncycastle.openpgp.PGPKeyRingGenerator;
@@ -128,19 +127,11 @@ public class KeyRingBuilder implements KeyRingBuilderInterface<KeyRingBuilder> {
     }
 
     private void verifyMasterKeyCanCertify(KeySpec spec) {
-        if (!hasCertifyOthersFlag(spec)) {
-            throw new IllegalArgumentException("Certification Key MUST have KeyFlag CERTIFY_OTHER");
-        }
         if (!keyIsCertificationCapable(spec)) {
             throw new IllegalArgumentException("Key algorithm " + spec.getKeyType().getName() + " is not capable of creating certifications.");
         }
     }
 
-    private boolean hasCertifyOthersFlag(KeySpec keySpec) {
-        KeyFlags keyFlags = keySpec.getSubpacketGenerator().getKeyFlagsSubpacket();
-        return keyFlags != null && KeyFlag.hasKeyFlag(keyFlags.getFlags(), KeyFlag.CERTIFY_OTHER);
-    }
-
     private boolean keyIsCertificationCapable(KeySpec keySpec) {
         return keySpec.getKeyType().canCertify();
     }

pgpainless-core/src/main/java/org/pgpainless/key/generation/KeySpec.java

@@ -56,7 +56,7 @@ public class KeySpec {
         return keyCreationDate;
     }
 
-    public static KeySpecBuilder getBuilder(KeyType type, KeyFlag flag, KeyFlag... flags) {
+    public static KeySpecBuilder getBuilder(KeyType type, KeyFlag... flags) {
-        return new KeySpecBuilder(type, flag, flags);
+        return new KeySpecBuilder(type, flags);
     }
 }

pgpainless-core/src/main/java/org/pgpainless/key/generation/KeySpecBuilder.java

@@ -21,7 +21,6 @@ import org.pgpainless.key.generation.type.KeyType;
 import org.pgpainless.signature.subpackets.SelfSignatureSubpackets;
 import org.pgpainless.signature.subpackets.SignatureSubpackets;
 import org.pgpainless.signature.subpackets.SignatureSubpacketsUtil;
-import org.pgpainless.util.CollectionUtils;
 
 public class KeySpecBuilder implements KeySpecBuilderInterface {
 
@@ -34,17 +33,14 @@ public class KeySpecBuilder implements KeySpecBuilderInterface {
     private Set<SymmetricKeyAlgorithm> preferredSymmetricAlgorithms = algorithmSuite.getSymmetricKeyAlgorithms();
     private Date keyCreationDate;
 
-    KeySpecBuilder(@Nonnull KeyType type, KeyFlag flag, KeyFlag... flags) {
+    KeySpecBuilder(@Nonnull KeyType type, KeyFlag... flags) {
-        if (flag == null) {
-            throw new IllegalArgumentException("Key MUST carry at least one key flag");
-        }
         if (flags == null) {
-            throw new IllegalArgumentException("List of additional flags MUST NOT be null.");
+            this.keyFlags = new KeyFlag[0];
+        } else {
+            SignatureSubpacketsUtil.assureKeyCanCarryFlags(type, flags);
+            this.keyFlags = flags;
         }
-        flags = CollectionUtils.concat(flag, flags);
-        SignatureSubpacketsUtil.assureKeyCanCarryFlags(type, flags);
         this.type = type;
-        this.keyFlags = flags;
     }
 
     @Override

pgpainless-core/src/main/java/org/pgpainless/key/info/KeyRingInfo.java

@@ -1170,6 +1170,10 @@ public class KeyRingInfo {
         return new KeyAccessor.SubKey(this, new SubkeyIdentifier(keys, keyId)).getPreferredCompressionAlgorithms();
     }
 
+    public boolean isUsableForThirdPartyCertification() {
+        return isKeyValidlyBound(getKeyId()) && getKeyFlagsOf(getKeyId()).contains(KeyFlag.CERTIFY_OTHER);
+    }
+
     /**
      * Returns true, if the certificate has at least one usable encryption subkey.
      *

pgpainless-core/src/test/java/org/pgpainless/key/generation/GenerateKeyWithoutPrimaryKeyFlagsTest.java

@@ -0,0 +1,53 @@
+// SPDX-FileCopyrightText: 2023 Paul Schaub <vanitasvitae@fsfe.org>
+//
+// SPDX-License-Identifier: Apache-2.0
+
+package org.pgpainless.key.generation;
+
+import org.bouncycastle.openpgp.PGPException;
+import org.bouncycastle.openpgp.PGPPublicKeyRing;
+import org.bouncycastle.openpgp.PGPSecretKeyRing;
+import org.junit.jupiter.api.Test;
+import org.pgpainless.PGPainless;
+import org.pgpainless.algorithm.KeyFlag;
+import org.pgpainless.exception.KeyException;
+import org.pgpainless.key.TestKeys;
+import org.pgpainless.key.generation.type.KeyType;
+import org.pgpainless.key.generation.type.eddsa.EdDSACurve;
+import org.pgpainless.key.generation.type.xdh.XDHSpec;
+import org.pgpainless.key.info.KeyRingInfo;
+import org.pgpainless.key.protection.SecretKeyRingProtector;
+
+import java.io.IOException;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.NoSuchAlgorithmException;
+
+import static org.junit.jupiter.api.Assertions.assertFalse;
+import static org.junit.jupiter.api.Assertions.assertThrows;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+public class GenerateKeyWithoutPrimaryKeyFlagsTest {
+
+    @Test
+    public void generateKeyWithoutCertifyKeyFlag_cannotCertifyThirdParties() throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException, IOException {
+        PGPSecretKeyRing secretKeys = PGPainless.buildKeyRing().setPrimaryKey(KeySpec.getBuilder(KeyType.EDDSA(EdDSACurve._Ed25519)))
+                .addSubkey(KeySpec.getBuilder(KeyType.EDDSA(EdDSACurve._Ed25519), KeyFlag.SIGN_DATA))
+                .addSubkey(KeySpec.getBuilder(KeyType.XDH(XDHSpec._X25519), KeyFlag.ENCRYPT_STORAGE, KeyFlag.ENCRYPT_COMMS))
+                .addUserId("Alice")
+                .build();
+
+        KeyRingInfo info = PGPainless.inspectKeyRing(secretKeys);
+        assertTrue(info.getValidUserIds().contains("Alice"));
+
+        long primaryKeyId = info.getKeyId();
+        assertTrue(info.getKeyFlagsOf("Alice").isEmpty());
+        assertTrue(info.getKeyFlagsOf(primaryKeyId).isEmpty());
+        assertFalse(info.isUsableForThirdPartyCertification());
+
+        // Key without CERTIFY_OTHER flag cannot be used to certify other keys
+        PGPPublicKeyRing thirdPartyCert = TestKeys.getCryptiePublicKeyRing();
+        assertThrows(KeyException.UnacceptableThirdPartyCertificationKeyException.class, () ->
+                PGPainless.certify().certificate(thirdPartyCert)
+                        .withKey(secretKeys, SecretKeyRingProtector.unprotectedKeys()));
+    }
+}