Fix Encryption Algorithm field. (#118)

* fix encryption algo logic

Signed-off-by: Michael Darmawan <michael.darmawan@ibm.com>

* comments

Signed-off-by: Michael Darmawan <michael.darmawan@ibm.com>

---------

Signed-off-by: Michael Darmawan <michael.darmawan@ibm.com>

keys.go

@@ -151,19 +151,25 @@ func WithDescription(description string) CreateKeyOption {
 func WithPayload(payload string, encryptedNonce, iv *string, sha1 bool) CreateKeyOption {
 	return func(key *Key) {
 		key.Payload = payload
-		if !key.Extractable && payload != "" {
-			algorithm := AlgorithmRSAOAEP256
-			if sha1 {
-				algorithm = AlgorithmRSAOAEP1
-			}
-			key.EncryptionAlgorithm = algorithm
-
-			if encryptedNonce != nil {
+		if !key.Extractable {
+			hasNonce := encryptedNonce != nil && *encryptedNonce != ""
+			hasIV := iv != nil && *iv != ""
+			if hasNonce {
 				key.EncryptedNonce = *encryptedNonce
 			}
-			if iv != nil {
+			if hasIV {
 				key.IV = *iv
 			}
+			// Encryption algo field is only for secure import.
+			// Only included it if either nonce or IV are specified.
+			// API will error if only one of IV or nonce are specified but the other is empty.
+			if hasNonce || hasIV {
+				algorithm := AlgorithmRSAOAEP256
+				if sha1 {
+					algorithm = AlgorithmRSAOAEP1
+				}
+				key.EncryptionAlgorithm = algorithm
+			}
 		}
 	}
 }