1
0
Fork 0
mirror of https://github.com/pgpainless/pgpainless.git synced 2024-12-24 11:57:59 +01:00

Enforce key algorithm capabilities for subkeys

This commit is contained in:
Paul Schaub 2024-02-02 18:06:30 +01:00
parent 70da96b064
commit 378890f83a
Signed by: vanitasvitae
GPG key ID: 62BEE9264BF17311

View file

@ -216,12 +216,17 @@ open class GenerateOpenPgpKey(
keyType: KeyType,
creationTime: Date = referenceTime,
bindingTime: Date = creationTime
) =
) = apply {
require(keyType.canEncryptCommunication || keyType.canEncryptStorage) {
"KeyType $keyType cannot be used for encryption keys."
}
addSubkey(
keyType,
creationTime,
bindingTime,
listOf(KeyFlag.ENCRYPT_STORAGE, KeyFlag.ENCRYPT_COMMS))
listOf(KeyFlag.ENCRYPT_STORAGE, KeyFlag.ENCRYPT_COMMS)
)
}
/**
* Add a new subkey to be used for creating data signatures.
@ -236,7 +241,12 @@ open class GenerateOpenPgpKey(
keyType: KeyType,
creationTime: Date = referenceTime,
bindingTime: Date = creationTime
) = addSubkey(keyType, creationTime, bindingTime, listOf(KeyFlag.SIGN_DATA))
) = apply {
require(keyType.canSign) {
"KeyType $keyType cannot be used for signing keys."
}
addSubkey(keyType, creationTime, bindingTime, listOf(KeyFlag.SIGN_DATA))
}
/**
* Build the finished OpenPGP key.