openpgp: Set the preferred algorithm subpackets correctly.
-
CertBuilder
places thePreferred Hash Algorithm
andPreferred Symmetric Algorithm
subpackets only on subkeys. But, GnuPG only recognizes them on User ID binding signatures, and direct key signatures.-
This means that when GnuPG encrypts a message to a certificate generated by Sequoia, it falls back to 3DES (4880's only MUST algorithm).
-
Change
CertBuilder
to match GnuPG's expectations: when creating a certificate, add thePreferred Hash Algorithm
andPreferred Symmetric Algorithm
subpackets to the User ID binding signatures, User Attribute binding signatures, and direct key signature, and don't bother adding them to the subkey binding signatures. -
See #522 (closed).
-