Rakefile in enmail-0.2.0 vs Rakefile in enmail-0.2.1

- old
+ new

@@ -58,15 +58,21 @@
   desc "Clears tmp/pgp_home, and generates new set of keys"
   task :regenerate => %i[clear generate]
 
   desc "Generates keys in tmp/pgp_home"
   task :generate => :prepare do
+    # NOTE:
+    # - "cert" flag is implicit in "Key-Usage".  It is harmless to specify
+    #   it in GnuPG 2.2, but it is not recognized in 2.1.
+    # - For keys which are not password-protected, "%no-protection" is required
+    #   in GnuPG 2.2, whereas it is ignored (with a warning) in 2.1.
+
     # Key pairs without password
     generate_pgp_keys(<<~KEY_PARAMS)
       %no-protection
       Key-Type: RSA
-      Key-Usage: sign, cert
+      Key-Usage: sign
       Key-Length: 2048
       Subkey-Type: RSA
       Subkey-Length: 2048
       Subkey-Usage: encrypt
       Name-Real: Some Arbitrary Key
@@ -76,11 +82,11 @@
     KEY_PARAMS
 
     generate_pgp_keys(<<~KEY_PARAMS)
       %no-protection
       Key-Type: RSA
-      Key-Usage: sign, cert
+      Key-Usage: sign
       Key-Length: 2048
       Subkey-Type: RSA
       Subkey-Length: 2048
       Subkey-Usage: encrypt
       Name-Real: Cato Elder
@@ -90,11 +96,11 @@
     KEY_PARAMS
 
     generate_pgp_keys(<<~KEY_PARAMS)
       %no-protection
       Key-Type: RSA
-      Key-Usage: sign, cert
+      Key-Usage: sign
       Key-Length: 2048
       Subkey-Type: RSA
       Subkey-Length: 2048
       Subkey-Usage: encrypt
       Name-Real: Roman Senate
@@ -104,10 +110,10 @@
     KEY_PARAMS
 
     # Password-protected key pairs
     generate_pgp_keys(<<~KEY_PARAMS)
       Key-Type: RSA
-      Key-Usage: sign, cert
+      Key-Usage: sign
       Key-Length: 2048
       Subkey-Type: RSA
       Subkey-Length: 2048
       Subkey-Usage: encrypt
       Name-Real: Cato Elder