Add an option to Cert.generate to explicitly select v4/v6 keys

Co-authored-by: Wiktor Kwapisiewicz <wiktor@metacode.biz>
Signed-off-by: Jasper Spaans <jasper@startmail.com>

Author: jap

README.md

@@ -15,6 +15,7 @@ package is for you!
 [OpenPGP]: https://en.wikipedia.org/wiki/Pretty_Good_Privacy#OpenPGP
 [SQ]: https://sequoia-pgp.org/
 [4880]: https://www.rfc-editor.org/rfc/rfc4880
+[9580]: https://www.rfc-editor.org/rfc/rfc9580
 
 Note: This is a work in progress. The API is **not** stable!
 
@@ -295,6 +296,20 @@ encrypted = encrypt(signer = alice.secrets.signer(), recipients = [bob], bytes =
 print(f"Encrypted data: {encrypted}")
 ```
 
+The default is to generate keys according to [RFC4880][4880]. By
+providing a `profile` parameter to the generate function, [modern PGP
+keys][9580] can also be generated:
+
+```python
+from pysequoia import Profile
+
+mary = Cert.generate("Modern Mary <mary@example.com", profile=Profile.RFC9580)
+print(f"Generated cert with fingerprint {mary.fingerprint}:\n{mary}")
+```
+
+Note that legacy PGP implementations may not be able to consume these
+certificates yet.
+
 ### merge
 
 Merges packets from a new version into an old version of a certificate:

src/cert.rs

@@ -46,6 +46,23 @@ impl Cert {
     }
 }
 
+#[derive(Clone, Copy, Default)]
+#[pyclass]
+pub enum Profile {
+    #[default]
+    RFC4880,
+    RFC9580,
+}
+
+impl From<Profile> for sequoia_openpgp::Profile {
+    fn from(profile: Profile) -> Self {
+        match profile {
+            Profile::RFC4880 => sequoia_openpgp::Profile::RFC4880,
+            Profile::RFC9580 => sequoia_openpgp::Profile::RFC9580,
+        }
+    }
+}
+
 pub mod secret;
 
 #[pymethods]
@@ -81,9 +98,14 @@ impl Cert {
     }
 
     #[staticmethod]
-    #[pyo3(signature = (user_id=None, user_ids=None))]
-    pub fn generate(user_id: Option<&str>, user_ids: Option<Vec<String>>) -> PyResult<Self> {
+    #[pyo3(signature = (user_id=None, user_ids=None, profile=None))]
+    pub fn generate(
+        user_id: Option<&str>,
+        user_ids: Option<Vec<String>>,
+        profile: Option<Profile>,
+    ) -> PyResult<Self> {
         let mut builder = CertBuilder::new()
+            .set_profile(profile.unwrap_or_default().into())?
             .set_cipher_suite(CipherSuite::default())
             .set_primary_key_flags(KeyFlags::empty().set_certification())
             .set_validity_period(std::time::Duration::new(3 * 52 * 7 * 24 * 60 * 60, 0))

src/lib.rs

@@ -93,6 +93,7 @@ impl Decrypted {
 #[pymodule]
 fn pysequoia(_py: Python, m: &Bound<'_, PyModule>) -> PyResult<()> {
     m.add_class::<cert::Cert>()?;
+    m.add_class::<cert::Profile>()?;
     m.add_class::<signature::Sig>()?;
     m.add_class::<notation::Notation>()?;
     m.add_class::<sign::SignatureMode>()?;