Implement '--signing-only' option for 'generate-key' command

external-sop/src/main/java/sop/external/operation/GenerateKeyExternal.java

@@ -57,6 +57,12 @@ public class GenerateKeyExternal implements GenerateKey {
         return this;
     }
 
+    @Override
+    public GenerateKey signingOnly() {
+        commandList.add("--signing-only");
+        return this;
+    }
+
     @Override
     public Ready generate()
             throws SOPGPException.MissingArg, SOPGPException.UnsupportedAsymmetricAlgo {

sop-java-picocli/src/main/java/sop/cli/picocli/commands/GenerateKeyCmd.java

@@ -34,6 +34,9 @@ public class GenerateKeyCmd extends AbstractSopCmd {
             paramLabel = "PROFILE")
     String profile;
 
+    @CommandLine.Option(names = "--signing-only")
+    boolean signingOnly = false;
+
     @Override
     public void run() {
         GenerateKey generateKey = throwIfUnsupportedSubcommand(
@@ -48,6 +51,10 @@ public class GenerateKeyCmd extends AbstractSopCmd {
             }
         }
 
+        if (signingOnly) {
+            generateKey.signingOnly();
+        }
+
         for (String userId : userId) {
             generateKey.userId(userId);
         }

sop-java/src/main/java/sop/operation/GenerateKey.java

@@ -80,6 +80,13 @@ public interface GenerateKey {
      */
     GenerateKey profile(String profile);
 
+    /**
+     * If this options is set, the generated key will not be capable of encryption / decryption.
+     *
+     * @return builder instance
+     */
+    GenerateKey signingOnly();
+
     /**
      * Generate the OpenPGP key and return it encoded as an {@link InputStream}.
      *

sop-java/src/testFixtures/java/sop/testsuite/operation/GenerateKeyTest.java

@@ -10,12 +10,16 @@ import org.junit.jupiter.params.ParameterizedTest;
 import org.junit.jupiter.params.provider.Arguments;
 import org.junit.jupiter.params.provider.MethodSource;
 import sop.SOP;
+import sop.exception.SOPGPException;
 import sop.testsuite.JUtils;
 import sop.testsuite.TestData;
 
 import java.io.IOException;
+import java.nio.charset.StandardCharsets;
 import java.util.stream.Stream;
 
+import static org.junit.jupiter.api.Assertions.assertThrows;
+
 @EnabledIf("sop.testsuite.operation.AbstractSOPTest#hasBackends")
 public class GenerateKeyTest extends AbstractSOPTest {
 
@@ -97,4 +101,21 @@ public class GenerateKeyTest extends AbstractSOPTest {
         JUtils.assertArrayStartsWith(key, TestData.BEGIN_PGP_PRIVATE_KEY_BLOCK);
         JUtils.assertArrayEndsWithIgnoreNewlines(key, TestData.END_PGP_PRIVATE_KEY_BLOCK);
     }
+
+    @ParameterizedTest
+    @MethodSource("provideInstances")
+    public void generateSigningOnlyKey(SOP sop) throws IOException {
+        byte[] signingOnlyKey = sop.generateKey()
+                .signingOnly()
+                .userId("Alice <alice@pgpainless.org>")
+                .generate()
+                .getBytes();
+        byte[] signingOnlyCert = sop.extractCert()
+                .key(signingOnlyKey)
+                .getBytes();
+
+        assertThrows(SOPGPException.CertCannotEncrypt.class, () ->
+                sop.encrypt().withCert(signingOnlyCert)
+                        .plaintext(TestData.PLAINTEXT.getBytes(StandardCharsets.UTF_8)));
+    }
 }