From bf04f358838196b6dfa40b9a7467760560ed9729 Mon Sep 17 00:00:00 2001
From: Nora Widdecke <nora@sequoia-pgp.org>
Date: Mon, 2 May 2022 14:27:13 +0200
Subject: sq: Add option to generate an auth-capable subkey.

  - Generate an authentication-capable subkey by default.

  - Add the flags `--can-authenticate` and `--cannot-authenticate` to sq
    key generate, analogous to `--can{not}-sign`.

  - Closes #844.
---
 sq/src/commands/key.rs | 13 +++++++++++++
 sq/src/sq-usage.rs     |  6 ++++++
 sq/src/sq_cli.rs       |  9 +++++++++
 3 files changed, 28 insertions(+)

(limited to 'sq')

diff --git a/sq/src/commands/key.rs b/sq/src/commands/key.rs
index f597d6ac..aa03f2e1 100644
--- a/sq/src/commands/key.rs
+++ b/sq/src/commands/key.rs
@@ -111,6 +111,19 @@ fn generate(config: Config, m: &ArgMatches) -> Result<()> {
         }
     }
 
+    // Authentication Capability
+    match (m.is_present("can-authenticate"), m.is_present("cannot-authenticate")) {
+        (false, false) | (true, false) => {
+            builder = builder.add_authentication_subkey()
+        }
+        (false, true) => { /* no authentication subkey */ }
+        (true, true) => {
+            return Err(
+                anyhow::anyhow!("Conflicting arguments --can-authenticate and\
+                                --cannot-authenticate"));
+        }
+    }
+
     // Encryption Capability
     match (m.value_of("can-encrypt"), m.is_present("cannot-encrypt")) {
         (Some("universal"), false) | (None, false) => {
diff --git a/sq/src/sq-usage.rs b/sq/src/sq-usage.rs
index a7ff5fea..c588c213 100644
--- a/sq/src/sq-usage.rs
+++ b/sq/src/sq-usage.rs
@@ -388,9 +388,15 @@
 //!     sq key generate [FLAGS] [OPTIONS] --export <OUTFILE>
 //!
 //! FLAGS:
+//!         --can-authenticate
+//!             Adds an authentication-capable subkey (default)
+//!
 //!         --can-sign
 //!             Adds a signing-capable subkey (default)
 //!
+//!         --cannot-authenticate
+//!             Adds no authentication-capable subkey
+//!
 //!         --cannot-encrypt
 //!             Adds no encryption-capable subkey
 //!
diff --git a/sq/src/sq_cli.rs b/sq/src/sq_cli.rs
index 7260fb71..d154ac5c 100644
--- a/sq/src/sq_cli.rs
+++ b/sq/src/sq_cli.rs
@@ -582,6 +582,15 @@ $ sq key generate --creation-time 20110609T1938+0200 --export noam.pgp
                              .long("cannot-sign")
                              .help("Adds no signing-capable subkey"))
 
+                        .group(ArgGroup::with_name("cap-authenticate")
+                               .args(&["can-authenticate", "cannot-authenticate"]))
+                        .arg(Arg::with_name("can-authenticate")
+                             .long("can-authenticate")
+                             .help("Adds an authentication-capable subkey (default)"))
+                        .arg(Arg::with_name("cannot-authenticate")
+                             .long("cannot-authenticate")
+                             .help("Adds no authentication-capable subkey"))
+
                         .group(ArgGroup::with_name("cap-encrypt")
                                .args(&["can-encrypt", "cannot-encrypt"]))
                         .arg(Arg::with_name("can-encrypt")
-- 
cgit v1.2.3