go-crypto icon indicating copy to clipboard operation
go-crypto copied to clipboard
verified publisher icon ProtonMail

Add NoEncryptionSubkey to openpgp/packet/Config

Open dkg opened this issue 5 months ago • 2 comments

This is a step toward being able to support

gosop generate-key --signing-only

See https://github.com/ProtonMail/gosop/issues/43

dkg avatar Jul 31 '25 05:07 dkg

Hey :wave: Thanks for the PR!

I'm a bit hesitant about adding a boolean option that starts with No, essentially making it backwards. Since sop already provides a name for this, how about we borrow from that and name this GenerateSigningKeyOnly or some such?

twiss avatar Jul 31 '25 11:07 twiss

I agree that the sense inversion is pretty weird. I wanted it to default to false, so that there's nothing extra to do if the struct is 0-initialized. I don't mind naming it SigningOnly if you prefer, but i thought you might want some level of deeper control here (for example, enabling or disabling Authentication-capable subkeys).

If you prefer SigningOnly, i'm happy to revise.

Alternately, instead of adding a member to the struct, i guess we could augment NewEntity with another parameter (though that feels pretty clumsy in terms of API shift, and given golang's opposition to default parameters)

dkg avatar Jul 31 '25 14:07 dkg