feat: support generating new keys according to spec

.gitignore

@@ -0,0 +1 @@
+/target

Cargo.toml

@@ -0,0 +1,23 @@
+[package]
+name = "openpgp-key-janitor"
+version = "0.1.0"
+authors = ["Jan Christian Grünhage <jan.christian@gruenhage.xyz>"]
+edition = "2021"
+description = "CLI for OpenPGP certificate maintenance"
+repository = "https://git.jcg.re/jcgruenhage/openpgp-key-janitor"
+license-file = "LICENSE.md"
+categories = ["command-line-utilities", "cryptography"]
+
+
+# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
+
+[dependencies]
+anyhow = "1.0.71"
+clap = { version = "4.3.0", features = ["derive"] }
+humantime-serde = "1.1.1"
+sequoia-openpgp = { version = "1.16.0", features = ["serde"] }
+serde = { version = "1.0.163", features = ["derive"] }
+serde_yaml = "0.9.21"
+
+[patch.crates-io]
+sequoia-openpgp = { git = "https://gitlab.com/sequoia-pgp/sequoia.git", branch = "jcgruenhage/serde-display-fromstr-ciphersuite" }

LICENSE.md

@@ -0,0 +1,483 @@
+THE WORK (AS DEFINED BELOW) IS PROVIDED UNDER THE TERMS OF THIS
+COOPERATIVE NON-VIOLENT PUBLIC LICENSE (\"LICENSE\"). THE WORK IS
+PROTECTED BY COPYRIGHT AND ALL OTHER APPLICABLE LAWS. ANY USE OF THE
+WORK OTHER THAN AS AUTHORIZED UNDER THIS LICENSE OR COPYRIGHT LAW IS
+PROHIBITED. BY EXERCISING ANY RIGHTS TO THE WORK PROVIDED IN THIS
+LICENSE, YOU AGREE TO BE BOUND BY THE TERMS OF THIS LICENSE. TO THE
+EXTENT THIS LICENSE MAY BE CONSIDERED TO BE A CONTRACT, THE LICENSOR
+GRANTS YOU THE RIGHTS CONTAINED HERE IN AS CONSIDERATION FOR ACCEPTING
+THE TERMS AND CONDITIONS OF THIS LICENSE AND FOR AGREEING TO BE BOUND BY
+THE TERMS AND CONDITIONS OF THIS LICENSE.
+
+# Definitions
+
+An Act of War is any action of one country against any group either with
+an intention to provoke a conflict or an action that occurs during a
+declared war or during armed conflict between military forces of any
+origin. This includes but is not limited to enforcing sanctions or
+sieges, supplying armed forces, or profiting from the manufacture of
+tools or weaponry used in military conflict.
+
+An Adaptation is a work based upon the Work, or upon the Work and other
+pre-existing works, such as a translation, adaptation, derivative work,
+arrangement of music or other alterations of a literary or artistic
+work, or phonogram or performance and includes cinematographic
+adaptations or any other form in which the Work may be recast,
+transformed, or adapted including in any form recognizably derived from
+the original, except that a work that constitutes a Collection will not
+be considered an Adaptation for the purpose of this License. For the
+avoidance of doubt, where the Work is a musical work, performance or
+phonogram, the synchronization of the Work in timed-relation with a
+moving image (\"synching\") will be considered an Adaptation for the
+purpose of this License. In addition, where the Work is designed to
+output a neural network the output of the neural network will be
+considered an Adaptation for the purpose of this license.
+
+Bodily Harm is any physical hurt or injury to a person that interferes
+with the health or comfort of the person and that is more than merely
+transient or trifling in nature.
+
+Distribute is to make available to the public the original and copies of
+the Work or Adaptation, as appropriate, through sale, gift or any other
+transfer of possession or ownership.
+
+Incarceration is Confinement in a jail, prison, or any other place where
+individuals of any kind are held against either their will or (if their
+will cannot be determined) the will of their legal guardian or
+guardians. In the case of a conflict between the will of the individual
+and the will of their legal guardian or guardians, the will of the
+individual will take precedence.
+
+Licensor is The individual, individuals, entity, or entities that
+offer(s) the Work under the terms of this License
+
+Original Author is in the case of a literary or artistic work, the
+individual, individuals, entity or entities who created the Work or if
+no individual or entity can be identified, the publisher; and in
+addition
+
+-   in the case of a performance the actors, singers, musicians,
+    dancers, and other persons who act, sing, deliver, declaim, play in,
+    interpret or otherwise perform literary or artistic works or
+    expressions of folklore;
+
+-   in the case of a phonogram the producer being the person or legal
+    entity who first fixes the sounds of a performance or other sounds;
+    and,
+
+-   in the case of broadcasts, the organization that transmits the
+    broadcast.
+
+Work is the literary and/or artistic work offered under the terms of
+this License including without limitation any production in the
+literary, scientific and artistic domain, whatever may be the mode or
+form of its expression including digital form, such as a book, pamphlet
+and other writing; a lecture, address, sermon or other work of the same
+nature; a dramatic or dramatico-musical work; a choreographic work or
+entertainment in dumb show; a musical composition with or without words;
+a cinematographic work to which are assimilated works expressed by a
+process analogous to cinematography; a work of drawing, painting,
+architecture, sculpture, engraving or lithography; a photographic work
+to which are assimilated works expressed by a process analogous to
+photography; a work of applied art; an illustration, map, plan, sketch
+or three-dimensional work relative to geography, topography,
+architecture or science; a performance; a broadcast; a phonogram; a
+compilation of data to the extent it is protected as a copyrightable
+work; or a work performed by a variety or circus performer to the extent
+it is not otherwise considered a literary or artistic work.
+
+You means an individual or entity exercising rights under this License
+who has not previously violated the terms of this License with respect
+to the Work, or who has received express permission from the Licensor to
+exercise rights under this License despite a previous violation.
+
+Publicly Perform means to perform public recitations of the Work and to
+communicate to the public those public recitations, by any means or
+process, including by wire or wireless means or public digital
+performances; to make available to the public Works in such a way that
+members of the public may access these Works from a place and at a place
+individually chosen by them; to perform the Work to the public by any
+means or process and the communication to the public of the performances
+of the Work, including by public digital performance; to broadcast and
+rebroadcast the Work by any means including signs, sounds or images.
+
+Reproduce is to make copies of the Work by any means including without
+limitation by sound or visual recordings and the right of fixation and
+reproducing fixations of the Work, including storage of a protected
+performance or phonogram in digital form or other electronic medium.
+
+Software is any digital Work which, through use of a third-party piece
+of Software or through the direct usage of itself on a computer system,
+the memory of the computer is modified dynamically or semi-dynamically.
+\"Software\", secondly, processes or interprets information.
+
+Source Code is Any digital Work which, through use of a third-party
+piece of Software or through the direct usage of itself on a computer
+system, the memory of the computer is modified dynamically or
+semi-dynamically. \"Software\", secondly, processes or interprets
+information.
+
+Surveilling is the use of the Work to either overtly or covertly observe
+and record persons and or their activities.
+
+A Network Service is the use of a piece of Software to interpret or
+modify information that is subsequently and directly served to users
+over the Internet.
+
+To Discriminate is use of a work to differentiate between humans in a
+such a way which prioritizes some above others on the basis of percieved
+membership within certain groups.
+
+Hate Speech is Communication or any form of expression which is solely
+for the purpose of expressing hatred for some group or advocating a form
+of Discrimination between humans.
+
+Coercion is leveraging of the threat of force or use of force to
+intimidate a person in order to gain compliance, or to offer large
+incentives which aim to entice a person to act against their will.
+
+# Fair Dealing Rights
+
+Nothing in this License is intended to reduce, limit, or restrict any
+uses free from copyright or rights arising from limitations or
+exceptions that are provided for in connection with the copyright
+protection under copyright law or other applicable laws.
+
+# License Grant
+
+Subject to the terms and conditions of this License, Licensor hereby
+grants You a worldwide, royalty-free, non-exclusive, perpetual (for the
+duration of the applicable copyright) license to exercise the rights in
+the Work as stated below:
+
+To Reproduce the Work, to incorporate the Work into one or more
+Collections, and to Reproduce the Work as incorporated in the
+Collections
+
+To create and Reproduce Adaptations provided that any such Adaptation,
+including any translation in any medium, takes reasonable steps to
+clearly label, demarcate or otherwise identify that changes were made to
+the original Work. For example, a translation could be marked \"The
+original work was translated from English to Spanish,\" or a
+modification could indicate \"The original work has been modified.\"
+
+To Distribute and Publicly Perform the Work including as incorporated in
+Collections.
+
+To Distribute and Publicly Perform Adaptations. The above rights may be
+exercised in all media and formats whether now known or hereafter
+devised. The above rights include the right to make such modifications
+as are technically necessary to exercise the rights in other media and
+formats. This License constitutes the entire agreement between the
+parties with respect to the Work licensed here. There are no
+understandings, agreements or representations with respect to the Work
+not specified here. Licensor shall not be bound by any additional
+provisions that may appear in any communication from You. This License
+may not be modified without the mutual written agreement of the Licensor
+and You. All rights not expressly granted by Licensor are hereby
+reserved, including but not limited to the rights set forth in
+Non-waivable Compulsory License Schemes, Waivable Compulsory License
+Schemes, and Voluntary License Schemes in the restrictions.
+
+# Restrictions
+
+The license granted in the license grant above is expressly made subject
+to and limited by the following restrictions:
+
+You may Distribute or Publicly Perform the Work only under the terms of
+this License. You must include a copy of, or the Uniform Resource
+Identifier (URI) for, this License with every copy of the Work You
+Distribute or Publicly Perform. You may not offer or impose any terms on
+the Work that restrict the terms of this License or the ability of the
+recipient of the Work to exercise the rights granted to that recipient
+under the terms of the License. You may not sublicense the Work. You
+must keep intact all notices that refer to this License and to the
+disclaimer of warranties with every copy of the Work You Distribute or
+Publicly Perform. When You Distribute or Publicly Perform the Work, You
+may not impose any effective technological measures on the Work that
+restrict the ability of a recipient of the Work from You to exercise the
+rights granted to that recipient under the terms of the License. This
+Section applies to the Work as incorporated in a Collection, but this
+does not require the Collection apart from the Work itself to be made
+subject to the terms of this License. If You create a Collection, upon
+notice from any Licensor You must, to the extent practicable, remove
+from the Collection any credit as requested. If You create an
+Adaptation, upon notice from any Licensor You must, to the extent
+practicable, remove from the Adaptation any credit as requested.
+
+## Commercial Restrictions
+
+You may not exercise any of the rights granted to You in the above
+section in any manner that is primarily intended for or directed toward
+commercial advantage or private monetary compensation unless you meet
+the following requirements.
+
+i.  You are a worker-owned business or worker-owned collective.
+
+ii. after tax, all financial gain, surplus, profits and benefits
+    produced by the business or collective are distributed among the
+    worker-owners unless a set amount is to be allocated towards
+    community projects as decided by a previously-established consensus
+    agreement between the worker-owners where all worker-owners agreed.
+
+iii. You are not using such rights on behalf of a business other than
+     those specified in (i) or (ii) above, nor are using such rights as
+     a proxy on behalf of a business with the intent to circumvent the
+     aforementioned restrictions on such a business.
+
+The exchange of the Work for other copyrighted works by means of digital
+file-sharing or otherwise shall not be considered to be intended for or
+directed toward commercial advantage or private monetary compensation,
+provided there is no payment of any monetary compensation in connection
+with the exchange of copyrighted works.
+
+If the Work meets the definition of Software, You may exercise the
+rights granted in the license grant only if You provide a copy of the
+corresponding Source Code from which the Work was derived in digital
+form, or You provide a URI for the corresponding Source Code of the
+Work, to any recipients upon request.
+
+If the Work is used as or for a Network Service, You may exercise the
+rights granted in the license grant only if You provide a copy of the
+corresponding Source Code from which the Work was derived in digital
+form, or You provide a URI for the corresponding Source Code to the
+Work, to any recipients of the data served or modified by the Web
+Service.
+
+Any use by a business that is privately owned and managed, and that
+seeks to generate profit from the labor of employees paid by salary or
+other wages, is not permitted under this license.
+
+## 
+
+You may exercise the rights granted in the license grant for any
+purposes only if:
+
+i.  You do not use the Work for the purpose of inflicting Bodily Harm on
+    human beings (subject to criminal prosecution or otherwise) outside
+    of providing medical aid or undergoing a voluntary procedure under
+    no form of Coercion.
+
+ii. You do not use the Work for the purpose of Surveilling or tracking
+    individuals for financial gain.
+
+iii. You do not use the Work in an Act of War.
+
+iv. You do not use the Work for the purpose of supporting or profiting
+    from an Act of War.
+
+v.  You do not use the Work for the purpose of Incarceration.
+
+vi. You do not use the Work for the purpose of extracting, processing,
+    or refining, oil, gas, or coal. Or to in any other way to
+    deliberately pollute the environment as a byproduct of manufacturing
+    or irresponsible disposal of hazardous materials.
+
+vii. You do not use the Work for the purpose of expediting,
+     coordinating, or facilitating paid work undertaken by individuals
+     under the age of 12 years.
+
+viii. You do not use the Work to either Discriminate or spread Hate
+      Speech on the basis of sex, sexual orientation, gender identity,
+      race, age, disability, color, national origin, religion, caste, or
+      lower economic status.
+
+## 
+
+If You Distribute, or Publicly Perform the Work or any Adaptations or
+Collections, You must, unless a request has been made by any Licensor to
+remove credit from a Collection or Adaptation, keep intact all copyright
+notices for the Work and provide, reasonable to the medium or means You
+are utilizing:
+
+i.  the name of the Original Author (or pseudonym, if applicable) if
+    supplied, and/or if the Original Author and/or Licensor designate
+    another party or parties (e.g., a sponsor institute, publishing
+    entity, journal) for attribution (\"Attribution Parties\") in
+    Licensor\'s copyright notice, terms of service or by other
+    reasonable means, the name of such party or parties;
+
+ii. the title of the Work if supplied;
+
+iii. to the extent reasonably practicable, the URI, if any, that
+     Licensor to be associated with the Work, unless such URI does not
+     refer to the copyright notice or licensing information for the
+     Work; and,
+
+iv. in the case of an Adaptation, a credit identifying the use of the
+    Work in the Adaptation (e.g., \"French translation of the Work by
+    Original Author,\" or \"Screenplay based on original Work by
+    Original Author\").
+
+If any Licensor has sent notice to request removing credit, You must, to
+the extent practicable, remove any credit as requested. The credit
+required by this Section may be implemented in any reasonable manner;
+provided, however, that in the case of an Adaptation or Collection, at a
+minimum such credit will appear, if a credit for all contributing
+authors of the Adaptation or Collection appears, then as part of these
+credits and in a manner at least as prominent as the credits for the
+other contributing authors. For the avoidance of doubt, You may only use
+the credit required by this Section for the purpose of attribution in
+the manner set out above and, by exercising Your rights under this
+License, You may not implicitly or explicitly assert or imply any
+connection with, sponsorship or endorsement by the Original Author,
+Licensor and/or Attribution Parties, as appropriate, of You or Your use
+of the Work, without the separate, express prior written permission of
+the Original Author, Licensor and/or Attribution Parties.
+
+Non-waivable Compulsory License Schemes. In those jurisdictions in which
+the right to collect royalties through any statutory or compulsory
+licensing scheme cannot be waived, the Licensor reserves the exclusive
+right to collect such royalties for any exercise by You of the rights
+granted under this License
+
+Waivable Compulsory License Schemes. In those jurisdictions in which the
+right to collect royalties through any statutory or compulsory licensing
+scheme can be waived, the Licensor reserves the exclusive right to
+collect such royalties for any exercise by You of the rights granted
+under this License if Your exercise of such rights is for a purpose or
+use which is otherwise than noncommercial as permitted under Commercial
+Restrictions and otherwise waives the right to collect royalties through
+any statutory or compulsory licensing scheme.
+
+Voluntary License Schemes. The Licensor reserves the right to collect
+royalties, whether individually or, in the event that the Licensor is a
+member of a collecting society that administers voluntary licensing
+schemes, via that society, from any exercise by You of the rights
+granted under this License that is for a purpose or use which is
+otherwise than noncommercial as permitted under the license grant.
+
+Except as otherwise agreed in writing by the Licensor or as may be
+otherwise permitted by applicable law, if You Reproduce, Distribute or
+Publicly Perform the Work either by itself or as part of any Adaptations
+or Collections, You must not distort, mutilate, modify or take other
+derogatory action in relation to the Work which would be prejudicial to
+the Original Author\'s honor or reputation. Licensor agrees that in
+those jurisdictions (e.g. Japan), in which any exercise of the right
+granted in the license grant of this License (the right to make
+Adaptations) would be deemed to be a distortion, mutilation,
+modification or other derogatory action prejudicial to the Original
+Author\'s honor and reputation, the Licensor will waive or not assert,
+as appropriate, this Section, to the fullest extent permitted by the
+applicable national law, to enable You to reasonably exercise Your right
+under the license grant of this License (right to make Adaptations) but
+not otherwise.
+
+Do not make any legal claim against anyone accusing the Work, with or
+without changes, alone or with other works, of infringing any patent
+claim.
+
+# Representations Warranties and Disclaimer
+
+UNLESS OTHERWISE MUTUALLY AGREED TO BY THE PARTIES IN WRITING, LICENSOR
+OFFERS THE WORK AS-IS AND MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY
+KIND CONCERNING THE WORK, EXPRESS, IMPLIED, STATUTORY OR OTHERWISE,
+INCLUDING, WITHOUT LIMITATION, WARRANTIES OF TITLE, MERCHANTIBILITY,
+FITNESS FOR A PARTICULAR PURPOSE, NONINFRINGEMENT, OR THE ABSENCE OF
+LATENT OR OTHER DEFECTS, ACCURACY, OR THE PRESENCE OF ABSENCE OF ERRORS,
+WHETHER OR NOT DISCOVERABLE. SOME JURISDICTIONS DO NOT ALLOW THE
+EXCLUSION OF IMPLIED WARRANTIES, SO SUCH EXCLUSION MAY NOT APPLY TO YOU.
+
+# Limitation on Liability
+
+EXCEPT TO THE EXTENT REQUIRED BY APPLICABLE LAW, IN NO EVENT WILL
+LICENSOR BE LIABLE TO YOU ON ANY LEGAL THEORY FOR ANY SPECIAL,
+INCIDENTAL, CONSEQUENTIAL, PUNITIVE OR EXEMPLARY DAMAGES ARISING OUT OF
+THIS LICENSE OR THE USE OF THE WORK, EVEN IF LICENSOR HAS BEEN ADVISED
+OF THE POSSIBILITY OF SUCH DAMAGES.
+
+# Termination
+
+This License and the rights granted hereunder will terminate
+automatically upon any breach by You of the terms of this License.
+Individuals or entities who have received Adaptations or Collections
+from You under this License, however, will not have their licenses
+terminated provided such individuals or entities remain in full
+compliance with those licenses. The Sections on definitions, fair
+dealing rights, representations, warranties, and disclaimer, limitation
+on liability, termination, and revised license versions will survive any
+termination of this License.
+
+Subject to the above terms and conditions, the license granted here is
+perpetual (for the duration of the applicable copyright in the Work).
+Notwithstanding the above, Licensor reserves the right to release the
+Work under different license terms or to stop distributing the Work at
+any time; provided, however that any such election will not serve to
+withdraw this License (or any other license that has been, or is
+required to be, granted under the terms of this License), and this
+License will continue in full force and effect unless terminated as
+stated above.
+
+# Revised License Versions
+
+This License may receive future revisions in the original spirit of the
+license intended to strengthen This License. Each version of This
+License has an incrementing version number.
+
+Unless otherwise specified like in the below subsection The Licensor has
+only granted this current version of This License for The Work. In this
+case future revisions do not apply.
+
+The Licensor may specify that the latest available revision of This
+License be used for The Work by either explicitly writing so or by
+suffixing the License URI with a \"+\" symbol.
+
+The Licensor may specify that The Work is also available under the terms
+of This License\'s current revision as well as specific future
+revisions. The Licensor may do this by writing it explicitly or
+suffixing the License URI with any additional version numbers each
+separated by a comma.
+
+# Miscellaneous
+
+Each time You Distribute or Publicly Perform the Work or a Collection,
+the Licensor offers to the recipient a license to the Work on the same
+terms and conditions as the license granted to You under this License.
+
+Each time You Distribute or Publicly Perform an Adaptation, Licensor
+offers to the recipient a license to the original Work on the same terms
+and conditions as the license granted to You under this License.
+
+If the Work is classified as Software, each time You Distribute or
+Publicly Perform an Adaptation, Licensor offers to the recipient a copy
+and/or URI of the corresponding Source Code on the same terms and
+conditions as the license granted to You under this License.
+
+If the Work is used as a Network Service, each time You Distribute or
+Publicly Perform an Adaptation, or serve data derived from the Software,
+the Licensor offers to any recipients of the data a copy and/or URI of
+the corresponding Source Code on the same terms and conditions as the
+license granted to You under this License.
+
+If any provision of this License is invalid or unenforceable under
+applicable law, it shall not affect the validity or enforceability of
+the remainder of the terms of this License, and without further action
+by the parties to this agreement, such provision shall be reformed to
+the minimum extent necessary to make such provision valid and
+enforceable.
+
+No term or provision of this License shall be deemed waived and no
+breach consented to unless such waiver or consent shall be in writing
+and signed by the party to be charged with such waiver or consent.
+
+This License constitutes the entire agreement between the parties with
+respect to the Work licensed here. There are no understandings,
+agreements or representations with respect to the Work not specified
+here. Licensor shall not be bound by any additional provisions that may
+appear in any communication from You. This License may not be modified
+without the mutual written agreement of the Licensor and You.
+
+The rights granted under, and the subject matter referenced, in this
+License were drafted utilizing the terminology of the Berne Convention
+for the Protection of Literary and Artistic Works (as amended on
+September 28, 1979), the Rome Convention of 1961, the WIPO Copyright
+Treaty of 1996, the WIPO Performances and Phonograms Treaty of 1996 and
+the Universal Copyright Convention (as revised on July 24, 1971). These
+rights and subject matter take effect in the relevant jurisdiction in
+which the License terms are sought to be enforced according to the
+corresponding provisions of the implementation of those treaty
+provisions in the applicable national law. If the standard suite of
+rights granted under applicable copyright law includes additional rights
+not granted under this License, such additional rights are deemed to be
+included in the License; this License is not intended to restrict the
+license of any rights under applicable law.

README.md

@@ -0,0 +1,41 @@
+# `openpgp-key-janitor`
+
+> ⚠️ **Work in Progress (WIP)**
+>
+> **openpgp-key-janitor** is currently under development. It supports only key
+> generation, with more features planned for the future. Contributions and
+> feedback are welcome!
+
+The "OpenPGP Key Janitor" is a command-line tool for creating and maintaining
+OpenPGP keys.
+
+## Installation
+
+Use the package manager [cargo](https://doc.rust-lang.org/cargo/) to install it.
+
+```bash
+cargo install openpgp-key-janitor
+```
+
+## Usage
+```
+Usage: openpgp-key-janitor [OPTIONS] [DIR]
+
+Arguments:
+  [DIR]  Path to the directory it should operate on. Defaults to the current working directory
+
+Options:
+  -h, --help     Print help
+  -V, --version  Print version
+```
+
+## Contributing
+
+Pull requests are welcome. For major changes, please open an issue first
+to discuss what you would like to change.
+
+Please make sure to update tests as appropriate.
+
+## License
+
+[CNPLv7](https://thufie.lain.haus/NPL.html)

sample/.gitignore

@@ -0,0 +1 @@
+*.asc

sample/spec.yml

@@ -0,0 +1,11 @@
+---
+validity_period: 2y
+primary:
+  flags: [certify, sign]
+  cipher_suite: Cv25519
+subs:
+  - flags: [encrypt_for_transport, encrypt_at_rest]
+    cipher_suite: Cv25519
+    validity_period: 3y
+user_ids:
+  - value: "Alice Lovelace <alice@openpgp.example>"

src/main.rs

@@ -0,0 +1,160 @@
+use std::{fs::write, path::PathBuf, time::Duration};
+
+use anyhow::{anyhow, Context, Result};
+use clap::Parser;
+
+use serde::Deserialize;
+
+use sequoia_openpgp::{
+    cert::CertBuilder,
+    packet::signature::SignatureBuilder,
+    serialize::SerializeInto,
+    types::{KeyFlags, SignatureType},
+};
+
+#[derive(Deserialize)]
+struct Spec {
+    primary: KeyConfig,
+    subs: Vec<KeyConfig>,
+    user_ids: Vec<UserIdConfig>,
+    #[serde(flatten)]
+    expiry: Expiry,
+}
+
+#[derive(Deserialize)]
+struct KeyConfig {
+    flags: Vec<KeyFlag>,
+    cipher_suite: sequoia_openpgp::cert::CipherSuite,
+    #[serde(flatten)]
+    expiry: Expiry,
+}
+
+#[derive(Deserialize)]
+struct UserIdConfig {
+    value: String,
+    #[serde(default)]
+    notation: Vec<(String, String)>,
+}
+
+#[derive(Deserialize)]
+struct Expiry {
+    #[serde(with = "humantime_serde::option", default)]
+    validity_period: Option<Duration>,
+}
+
+#[derive(Deserialize)]
+#[serde(rename_all = "snake_case")]
+enum KeyFlag {
+    Certify,
+    Sign,
+    EncryptForTransport,
+    EncryptAtRest,
+    SplitKey,
+    Authenticate,
+    GroupKey,
+}
+
+#[derive(Parser)]
+#[command(author, version, about, long_about = None)]
+struct Cli {
+    /// Path to the directory it should operate on. Defaults to the current working directory.
+    #[arg(value_name = "DIR")]
+    path: Option<PathBuf>,
+}
+
+struct Paths {
+    spec: PathBuf,
+    secret: PathBuf,
+    public: PathBuf,
+    rev: PathBuf,
+}
+
+impl Paths {
+    fn new(base: PathBuf) -> Paths {
+        let mut spec = base.clone();
+        spec.push("spec.yml");
+        let mut secret = base.clone();
+        secret.push("secret.asc");
+        let mut public = base.clone();
+        public.push("public.asc");
+        let mut rev = base;
+        rev.push("rev.asc");
+        Paths {
+            spec,
+            secret,
+            public,
+            rev,
+        }
+    }
+}
+
+impl KeyFlag {
+    fn apply(&self, flags: sequoia_openpgp::types::KeyFlags) -> sequoia_openpgp::types::KeyFlags {
+        match self {
+            Self::Certify => flags.set_certification(),
+            Self::Sign => flags.set_signing(),
+            Self::EncryptForTransport => flags.set_transport_encryption(),
+            Self::EncryptAtRest => flags.set_storage_encryption(),
+            Self::SplitKey => flags.set_split_key(),
+            Self::Authenticate => flags.set_authentication(),
+            Self::GroupKey => flags.set_group_key(),
+        }
+    }
+}
+
+fn main() -> Result<()> {
+    let cli = Cli::parse();
+    let base_dir = cli
+        .path
+        .ok_or_else(|| anyhow!("No path specified in CLI parameters."))
+        .or_else(|_| std::env::current_dir())
+        .context(
+            "Couldn't get current dir from env, and no path was specified in CLI parameters either",
+        )?;
+    let paths = Paths::new(base_dir);
+    let spec_string = std::fs::read_to_string(&paths.spec)?;
+    let spec: Spec = serde_yaml::from_str(&spec_string)?;
+    let mut primary_key_flags = KeyFlags::empty();
+    for flag in spec.primary.flags {
+        primary_key_flags = flag.apply(primary_key_flags);
+    }
+    let mut builder = CertBuilder::new()
+        .set_primary_key_flags(primary_key_flags)
+        .set_validity_period(
+            spec.primary
+                .expiry
+                .validity_period
+                .or(spec.expiry.validity_period),
+        )
+        .set_cipher_suite(spec.primary.cipher_suite);
+    for sub_key in spec.subs {
+        let mut sub_key_flags = KeyFlags::empty();
+        for flag in sub_key.flags {
+            sub_key_flags = flag.apply(sub_key_flags);
+        }
+        builder = builder.add_subkey_with(
+            sub_key_flags,
+            sub_key
+                .expiry
+                .validity_period
+                .or(spec.expiry.validity_period),
+            Some(sub_key.cipher_suite),
+            SignatureBuilder::new(SignatureType::SubkeyBinding),
+        )?;
+    }
+    for user_id in spec.user_ids {
+        let mut sig_builder = SignatureBuilder::new(SignatureType::PositiveCertification);
+        for (key, value) in user_id.notation {
+            sig_builder = sig_builder.add_notation(key, value, None, false)?;
+        }
+        builder = builder.add_userid_with(user_id.value, sig_builder)?;
+    }
+
+    let (cert, rev) = builder.generate()?;
+
+    write(&paths.public, cert.armored().to_vec()?)?;
+    write(&paths.secret, cert.as_tsk().armored().to_vec()?)?;
+    write(&paths.rev, cert.insert_packets(rev)?.armored().to_vec()?)?;
+
+    Ok(())
+}