Enforce key algorithm capabilities for subkeys

2024-02-02 18:06:30 +01:00 · 2024-02-02 18:06:30 +01:00 · 378890f83a
parent 70da96b064
commit 378890f83a
1 changed files with 13 additions and 3 deletions
--- a/pgpainless-core/src/main/kotlin/org/pgpainless/key/generation/GenerateOpenPgpKey.kt
+++ b/pgpainless-core/src/main/kotlin/org/pgpainless/key/generation/GenerateOpenPgpKey.kt
@ -216,12 +216,17 @@ open class GenerateOpenPgpKey(
            keyType: KeyType,
            creationTime: Date = referenceTime,
            bindingTime: Date = creationTime
-        ) =
+        ) = apply {
+            require(keyType.canEncryptCommunication || keyType.canEncryptStorage) {
+                "KeyType $keyType cannot be used for encryption keys."
+            }
            addSubkey(
                keyType,
                creationTime,
                bindingTime,
-                listOf(KeyFlag.ENCRYPT_STORAGE, KeyFlag.ENCRYPT_COMMS))
+                listOf(KeyFlag.ENCRYPT_STORAGE, KeyFlag.ENCRYPT_COMMS)
+            )
+        }

        /**
         * Add a new subkey to be used for creating data signatures.
@ -236,7 +241,12 @@ open class GenerateOpenPgpKey(
            keyType: KeyType,
            creationTime: Date = referenceTime,
            bindingTime: Date = creationTime
-        ) = addSubkey(keyType, creationTime, bindingTime, listOf(KeyFlag.SIGN_DATA))
+        ) = apply {
+            require(keyType.canSign) {
+                "KeyType $keyType cannot be used for signing keys."
+            }
+            addSubkey(keyType, creationTime, bindingTime, listOf(KeyFlag.SIGN_DATA))
+        }

        /**
         * Build the finished OpenPGP key.