feat: add touch policy to synthesized openpgp key comment

smlx · Aug 8, 2021 · c1a5038 · c1a5038
1 parent 07780d7
commit c1a5038
Showing 1 changed file with 6 additions and 4 deletions.
diff --git a/internal/securitykey/string.go b/internal/securitykey/string.go
@@ -46,10 +46,6 @@ func (k *SecurityKey) StringsSSH() []string {
 // on the yubikey for slots with touch policies that require it.
 func (k *SecurityKey) synthesizeEntities(name, email string) ([]Entity, error) {
 	now := time.Now()
-	uid := packet.NewUserId(name, "piv-agent synthesized user ID", email)
-	if uid == nil {
-		return nil, errors.InvalidArgumentError("invalid characters in user ID")
-	}
 	var entities []Entity
 	for _, signingKey := range k.SigningKeys() {
 		cryptoPrivKey, err := k.PrivateKey(&signingKey)
@@ -60,6 +56,12 @@ func (k *SecurityKey) synthesizeEntities(name, email string) ([]Entity, error) {
 		if !ok {
 			return nil, fmt.Errorf("private key is invalid type")
 		}
+		comment := fmt.Sprintf("piv-agent synthesized; touch-policy %s",
+			touchStringMap[signingKey.SlotSpec.TouchPolicy])
+		uid := packet.NewUserId(name, comment, email)
+		if uid == nil {
+			return nil, errors.InvalidArgumentError("invalid characters in user ID")
+		}
 		ecdsaPubKey, ok := signingKey.Public.(*ecdsa.PublicKey)
 		if !ok {
 			// TODO: handle ed25519 keys