diff options
Diffstat (limited to 'openpgp/src/cert/builder.rs')
-rw-r--r-- | openpgp/src/cert/builder.rs | 16 |
1 files changed, 6 insertions, 10 deletions
diff --git a/openpgp/src/cert/builder.rs b/openpgp/src/cert/builder.rs index 43cadc18..c47d1dce 100644 --- a/openpgp/src/cert/builder.rs +++ b/openpgp/src/cert/builder.rs @@ -1124,7 +1124,8 @@ impl CertBuilder<'_> { /// /// # Examples /// - /// Make the primary key certification and signing capable: + /// Makes the primary key signing-capable but not + /// certification-capable. /// /// ``` /// use sequoia_openpgp as openpgp; @@ -1145,7 +1146,7 @@ impl CertBuilder<'_> { /// // Observe that the primary key's certification capability is /// // set implicitly. /// assert_eq!(cert.with_policy(p, None)?.primary_key().key_flags(), - /// Some(KeyFlags::empty().set_signing().set_certification())); + /// Some(KeyFlags::empty().set_signing())); /// # Ok(()) } /// ``` pub fn set_primary_key_flags(mut self, flags: KeyFlags) -> Self { @@ -1282,7 +1283,7 @@ impl CertBuilder<'_> { /// .generate()?; /// # Ok(()) } /// ``` - pub fn generate(mut self) -> Result<(Cert, Signature)> { + pub fn generate(self) -> Result<(Cert, Signature)> { use crate::Packet; use crate::types::ReasonForRevocation; use std::convert::TryFrom; @@ -1294,11 +1295,6 @@ impl CertBuilder<'_> { time::Duration::new(SIG_BACKDATE_BY, 0) }); - // make sure the primary key can sign subkeys - if !self.subkeys.is_empty() { - self.primary.flags = self.primary.flags.set_certification(); - } - // Generate & self-sign primary key. let (primary, sig, mut signer) = self.primary_key(creation_time)?; @@ -1579,14 +1575,14 @@ mod tests { } #[test] - fn always_certify() { + fn not_always_certify() { let p = &P::new(); let (cert1, _) = CertBuilder::new() .set_cipher_suite(CipherSuite::Cv25519) .set_primary_key_flags(KeyFlags::empty()) .add_transport_encryption_subkey() .generate().unwrap(); - assert!(cert1.primary_key().with_policy(p, None).unwrap().for_certification()); + assert!(! cert1.primary_key().with_policy(p, None).unwrap().for_certification()); assert_eq!(cert1.keys().subkeys().count(), 1); } |