From 378890f83a0f7f746d29175b6605f4f2805e7c30 Mon Sep 17 00:00:00 2001 From: Paul Schaub Date: Fri, 2 Feb 2024 18:06:30 +0100 Subject: [PATCH] Enforce key algorithm capabilities for subkeys --- .../key/generation/GenerateOpenPgpKey.kt | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/pgpainless-core/src/main/kotlin/org/pgpainless/key/generation/GenerateOpenPgpKey.kt b/pgpainless-core/src/main/kotlin/org/pgpainless/key/generation/GenerateOpenPgpKey.kt index 4371ff69..fe5ee01d 100644 --- a/pgpainless-core/src/main/kotlin/org/pgpainless/key/generation/GenerateOpenPgpKey.kt +++ b/pgpainless-core/src/main/kotlin/org/pgpainless/key/generation/GenerateOpenPgpKey.kt @@ -216,12 +216,17 @@ open class GenerateOpenPgpKey( keyType: KeyType, creationTime: Date = referenceTime, bindingTime: Date = creationTime - ) = + ) = apply { + require(keyType.canEncryptCommunication || keyType.canEncryptStorage) { + "KeyType $keyType cannot be used for encryption keys." + } addSubkey( keyType, creationTime, bindingTime, - listOf(KeyFlag.ENCRYPT_STORAGE, KeyFlag.ENCRYPT_COMMS)) + listOf(KeyFlag.ENCRYPT_STORAGE, KeyFlag.ENCRYPT_COMMS) + ) + } /** * Add a new subkey to be used for creating data signatures. @@ -236,7 +241,12 @@ open class GenerateOpenPgpKey( keyType: KeyType, creationTime: Date = referenceTime, bindingTime: Date = creationTime - ) = addSubkey(keyType, creationTime, bindingTime, listOf(KeyFlag.SIGN_DATA)) + ) = apply { + require(keyType.canSign) { + "KeyType $keyType cannot be used for signing keys." + } + addSubkey(keyType, creationTime, bindingTime, listOf(KeyFlag.SIGN_DATA)) + } /** * Build the finished OpenPGP key.