From 524344de61e3fe56a75e92bce06e85610950d058 Mon Sep 17 00:00:00 2001
From: Mark <magyarheaven@gmail.com>
Date: Tue, 27 Jan 2026 05:17:41 +0100
Subject: [PATCH 1/3] fix(cryptography): add key:generate hint to invalid key
 exceptions

---
 packages/cryptography/src/Encryption/EncryptionKey.php   | 2 +-
 .../Encryption/Exceptions/EncryptionKeyWasInvalid.php    | 9 ++++++---
 .../src/Signing/Exceptions/SigningKeyWasInvalid.php      | 2 +-
 3 files changed, 8 insertions(+), 5 deletions(-)

diff --git a/packages/cryptography/src/Encryption/EncryptionKey.php b/packages/cryptography/src/Encryption/EncryptionKey.php
index 0f4cb16c65..e6a88e7247 100644
--- a/packages/cryptography/src/Encryption/EncryptionKey.php
+++ b/packages/cryptography/src/Encryption/EncryptionKey.php
@@ -16,7 +16,7 @@ public function __construct(
         }
 
         if (strlen($value) !== $algorithm->getKeyLength()) {
-            throw EncryptionKeyWasInvalid::becauseLengthMismatched($algorithm);
+            throw EncryptionKeyWasInvalid::becauseLengthMismatched($algorithm, strlen($value));
         }
     }
 
diff --git a/packages/cryptography/src/Encryption/Exceptions/EncryptionKeyWasInvalid.php b/packages/cryptography/src/Encryption/Exceptions/EncryptionKeyWasInvalid.php
index 317201ff2a..8fa6afa720 100644
--- a/packages/cryptography/src/Encryption/Exceptions/EncryptionKeyWasInvalid.php
+++ b/packages/cryptography/src/Encryption/Exceptions/EncryptionKeyWasInvalid.php
@@ -16,13 +16,16 @@ public function __construct(
 
     public static function becauseItIsMissing(EncryptionAlgorithm $algorithm): self
     {
-        return new self('The encryption key is missing or empty. Ensure you have a `SIGNING_KEY` environment variable.', $algorithm);
+        return new self(
+            'The encryption key is missing or empty. Ensure you have a `SIGNING_KEY` environment variable, or generate one with `php tempest key:generate`.',
+            $algorithm,
+        );
     }
 
-    public static function becauseLengthMismatched(EncryptionAlgorithm $algorithm): self
+    public static function becauseLengthMismatched(EncryptionAlgorithm $algorithm, int $actualLength): self
     {
         return new self(
-            "The encryption key length does not match the expected length ({$algorithm->getKeyLength()}).",
+            "The encryption key length ({$actualLength}) does not match the expected length ({$algorithm->getKeyLength()}). Generate a valid key with `php tempest key:generate`.",
             $algorithm,
         );
     }
diff --git a/packages/cryptography/src/Signing/Exceptions/SigningKeyWasInvalid.php b/packages/cryptography/src/Signing/Exceptions/SigningKeyWasInvalid.php
index 45d5dfd95d..4625b5bc36 100644
--- a/packages/cryptography/src/Signing/Exceptions/SigningKeyWasInvalid.php
+++ b/packages/cryptography/src/Signing/Exceptions/SigningKeyWasInvalid.php
@@ -8,6 +8,6 @@ final class SigningKeyWasInvalid extends Exception implements SigningException
 {
     public static function becauseItIsMissing(): self
     {
-        return new self('The signing key is missing or empty. Ensure you have a `SIGNING_KEY` environment variable.');
+        return new self('The signing key is missing or empty. Ensure you have a `SIGNING_KEY` environment variable, or generate one with `php tempest key:generate`.');
     }
 }

From 7306df94ebb83b749a150a384c4bbc42e6fb2cf3 Mon Sep 17 00:00:00 2001
From: Enzo Innocenzi <enzo@innocenzi.dev>
Date: Tue, 27 Jan 2026 11:03:31 +0100
Subject: [PATCH 2/3] refactor: update exception messages

---
 .../src/Encryption/Exceptions/EncryptionKeyWasInvalid.php | 8 ++++----
 .../src/Signing/Exceptions/SigningKeyWasInvalid.php       | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/packages/cryptography/src/Encryption/Exceptions/EncryptionKeyWasInvalid.php b/packages/cryptography/src/Encryption/Exceptions/EncryptionKeyWasInvalid.php
index 8fa6afa720..2bd7cfb299 100644
--- a/packages/cryptography/src/Encryption/Exceptions/EncryptionKeyWasInvalid.php
+++ b/packages/cryptography/src/Encryption/Exceptions/EncryptionKeyWasInvalid.php
@@ -17,16 +17,16 @@ public function __construct(
     public static function becauseItIsMissing(EncryptionAlgorithm $algorithm): self
     {
         return new self(
-            'The encryption key is missing or empty. Ensure you have a `SIGNING_KEY` environment variable, or generate one with `php tempest key:generate`.',
-            $algorithm,
+            message: 'The encryption key is missing or empty. Generate a valid `SIGNING_KEY` with `php tempest key:generate`.',
+            algorithm: $algorithm,
         );
     }
 
     public static function becauseLengthMismatched(EncryptionAlgorithm $algorithm, int $actualLength): self
     {
         return new self(
-            "The encryption key length ({$actualLength}) does not match the expected length ({$algorithm->getKeyLength()}). Generate a valid key with `php tempest key:generate`.",
-            $algorithm,
+            message: "The encryption key length ({$actualLength}) does not match the expected length ({$algorithm->getKeyLength()}). Generate a valid `SIGNING_KEY` with `php tempest key:generate`.",
+            algorithm: $algorithm,
         );
     }
 }
diff --git a/packages/cryptography/src/Signing/Exceptions/SigningKeyWasInvalid.php b/packages/cryptography/src/Signing/Exceptions/SigningKeyWasInvalid.php
index 4625b5bc36..211bdc05dc 100644
--- a/packages/cryptography/src/Signing/Exceptions/SigningKeyWasInvalid.php
+++ b/packages/cryptography/src/Signing/Exceptions/SigningKeyWasInvalid.php
@@ -8,6 +8,6 @@ final class SigningKeyWasInvalid extends Exception implements SigningException
 {
     public static function becauseItIsMissing(): self
     {
-        return new self('The signing key is missing or empty. Ensure you have a `SIGNING_KEY` environment variable, or generate one with `php tempest key:generate`.');
+        return new self('The signing key is missing or empty. Generate a valid `SIGNING_KEY` with `php tempest key:generate`.');
     }
 }

From 64cc54b28a62b33d6a15db4d817fec130c6769e9 Mon Sep 17 00:00:00 2001
From: Enzo Innocenzi <enzo@innocenzi.dev>
Date: Tue, 27 Jan 2026 11:04:14 +0100
Subject: [PATCH 3/3] feat: add `generate:key` alias

---
 packages/cryptography/src/GenerateSigningKeyCommand.php | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/packages/cryptography/src/GenerateSigningKeyCommand.php b/packages/cryptography/src/GenerateSigningKeyCommand.php
index fb22a76594..f65b1da33c 100644
--- a/packages/cryptography/src/GenerateSigningKeyCommand.php
+++ b/packages/cryptography/src/GenerateSigningKeyCommand.php
@@ -21,7 +21,11 @@ public function __construct(
             private Console $console,
         ) {}
 
-        #[ConsoleCommand('key:generate', description: 'Generates the signing key required to sign and verify data.')]
+        #[ConsoleCommand(
+            name: 'key:generate',
+            description: 'Generates the signing key required to sign and verify data.',
+            aliases: ['generate:key'],
+        )]
         public function __invoke(bool $override = true): ExitCode
         {
             $key = EncryptionKey::generate($this->encryptionConfig->algorithm);