From c1a50384fe9b6e2214c854620011c139017b7848 Mon Sep 17 00:00:00 2001
From: Scott Leggett
Date: Sat, 7 Aug 2021 00:38:23 +0800
Subject: [PATCH] feat: add touch policy to synthesized openpgp key comment

---
 internal/securitykey/string.go | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/internal/securitykey/string.go b/internal/securitykey/string.go
index 286b0d9..47c0d92 100644
--- a/internal/securitykey/string.go
+++ b/internal/securitykey/string.go
@@ -46,10 +46,6 @@ func (k *SecurityKey) StringsSSH() []string {
 // on the yubikey for slots with touch policies that require it.
 func (k *SecurityKey) synthesizeEntities(name, email string) ([]Entity, error) {
 now := time.Now()
- uid := packet.NewUserId(name, "piv-agent synthesized user ID", email)
- if uid == nil {
- return nil, errors.InvalidArgumentError("invalid characters in user ID")
- }
 var entities []Entity
 for _, signingKey := range k.SigningKeys() {
 cryptoPrivKey, err := k.PrivateKey(&signingKey)
@@ -60,6 +56,12 @@ func (k *SecurityKey) synthesizeEntities(name, email string) ([]Entity, error) {
 if !ok {
 return nil, fmt.Errorf("private key is invalid type")
 }
+ comment := fmt.Sprintf("piv-agent synthesized; touch-policy %s",
+ touchStringMap[signingKey.SlotSpec.TouchPolicy])
+ uid := packet.NewUserId(name, comment, email)
+ if uid == nil {
+ return nil, errors.InvalidArgumentError("invalid characters in user ID")
+ }
 ecdsaPubKey, ok := signingKey.Public.(*ecdsa.PublicKey)
 if !ok {
 // TODO: handle ed25519 keys
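Review bot: The `touchStringMap[signingKey.SlotSpec.TouchPolicy]` lookup on the second added line of the second hunk has no presence check, so a touch policy that is not in the map (presumably a map keyed by policy; its definition is not in this hunk) silently yields the zero value and the comment becomes "touch-policy " with nothing after it, and that string then goes into the user ID packet that the key self-signs. I would split the lookup and fail loudly: `tp, ok := touchStringMap[signingKey.SlotSpec.TouchPolicy]` / `if !ok { return nil, fmt.Errorf("no touch-policy string for policy %v", signingKey.SlotSpec.TouchPolicy) }` and then pass `tp` to the Sprintf. A secondary effect of moving the user ID construction into the loop is that the name/email validation now runs once per signing key rather than once up front; the outcome is the same since the first iteration returns the error, but a comment such as `// uid is per-key because the comment carries the slot's touch policy` would make the move deliberate. The body of synthesizeEntities continues past the hunk, so where `uid` is consumed is not visible here.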