mirror of https://github.com/pgpainless/pgpainless.git synced 2024-12-25 04:17:59 +01:00

Enforce key algorithm capabilities for subkeys

Paul Schaub 2024-02-02 18:06:30 +01:00
parent 70da96b064
commit 378890f83a
Signed by: vanitasvitae
GPG key ID: 62BEE9264BF17311


@ -216,12 +216,17 @@ open class GenerateOpenPgpKey(
keyType: KeyType, keyType: KeyType,
creationTime: Date = referenceTime, creationTime: Date = referenceTime,
bindingTime: Date = creationTime bindingTime: Date = creationTime
) = ) = apply {
require(keyType.canEncryptCommunication || keyType.canEncryptStorage) {
"KeyType $keyType cannot be used for encryption keys."
}
addSubkey( addSubkey(
keyType, keyType,
creationTime, creationTime,
bindingTime, bindingTime,
listOf(KeyFlag.ENCRYPT_STORAGE, KeyFlag.ENCRYPT_COMMS)) listOf(KeyFlag.ENCRYPT_STORAGE, KeyFlag.ENCRYPT_COMMS)
)
}
/** /**
* Add a new subkey to be used for creating data signatures. * Add a new subkey to be used for creating data signatures.
@ -236,7 +241,12 @@ open class GenerateOpenPgpKey(
keyType: KeyType, keyType: KeyType,
creationTime: Date = referenceTime, creationTime: Date = referenceTime,
bindingTime: Date = creationTime bindingTime: Date = creationTime
) = addSubkey(keyType, creationTime, bindingTime, listOf(KeyFlag.SIGN_DATA)) ) = apply {
require(keyType.canSign) {
"KeyType $keyType cannot be used for signing keys."
}
addSubkey(keyType, creationTime, bindingTime, listOf(KeyFlag.SIGN_DATA))
}
/** /**
* Build the finished OpenPGP key. * Build the finished OpenPGP key.
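Review bot: In the first hunk the new guard `require(keyType.canEncryptCommunication || keyType.canEncryptStorage)` accepts a key type that supports only one of the two uses, yet the subkey is then always bound with both `KeyFlag.ENCRYPT_STORAGE` and `KeyFlag.ENCRYPT_COMMS`. If any KeyType reports the two capabilities differently (not visible on this page), the binding signature would advertise a use the algorithm does not support; either require both with `&&`, or build the flag list from whichever capabilities are true. The checks also live only in these two convenience wrappers, so it is worth confirming that the general `addSubkey(keyType, creationTime, bindingTime, flags)` call, whose body is outside the hunks, validates caller-supplied flags against the key type as well. Both function signatures start above their hunks, so the function names are inferred from the error messages and the trailing KDoc.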