openpgp: Set the preferred algorithm subpackets correctly.

Neal H. Walfield requested to merge neal/workwork into master
  • CertBuilder places the Preferred Hash Algorithm and Preferred Symmetric Algorithm subpackets only on subkeys. But GnuPG only recognizes them on User ID binding signatures and direct key signatures.

  • This means that when GnuPG encrypts a message to a certificate generated by Sequoia, it falls back to 3DES (4880's only MUST algorithm).

  • Change CertBuilder to match GnuPG's expectations: when creating a certificate, add the Preferred Hash Algorithm and Preferred Symmetric Algorithm subpackets to the User ID binding signatures, User Attribute binding signatures, and direct key signature, and don't bother adding them to the subkey binding signatures.

  • See #522 (closed).
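
The placement described above can be checked on the wire. This is an added example, not Sequoia or GnuPG code: it walks new-format v4 signature packets and reports whether the Preferred Symmetric (11) or Preferred Hash (21) subpackets sit in the hashed area of a signature type that, per the description, GnuPG reads. The function names and packet bytes are constructed for illustration. Certification signatures (0x10-0x13) are not matched to the User ID they bind, which is a simplification.

```rust
const PREF_SYM: u8 = 11; // Preferred Symmetric Algorithms subpacket type
const PREF_HASH: u8 = 21; // Preferred Hash Algorithms subpacket type
static PREFS: [u8; 8] = [3, PREF_SYM, 9, 7, 3, PREF_HASH, 10, 8]; // constructed: AES256, AES128; SHA512, SHA256
static TIME: [u8; 6] = [5, 2, 0, 0, 0, 0]; // constructed: signature creation time

/// Decodes a length; `max2` is the highest first octet of the two-octet form (223 in packet headers, 254 in subpackets).
fn read_len(b: &[u8], max2: u8) -> Option<(usize, usize)> {
    let first = *b.first()?;
    if first < 192 { return Some((first as usize, 1)); }
    if first <= max2 { return Some((((first as usize - 192) << 8) + *b.get(1)? as usize + 192, 2)); }
    if first != 255 { return None; } // partial body lengths are not handled
    Some((b.get(1..5)?.iter().fold(0usize, |a, &x| (a << 8) | x as usize), 5))
}

/// Returns (signature type, carries preference subpackets) for each v4 signature.
fn audit(mut data: &[u8]) -> Option<Vec<(u8, bool)>> {
    let mut out = Vec::new();
    while !data.is_empty() {
        let tag = data[0];
        if (tag & 0xC0) != 0xC0 { return None; } // new-format packets only
        let (len, used) = read_len(&data[1..], 223)?;
        let body = data.get(1 + used..1 + used + len)?;
        data = &data[1 + used + len..];
        if (tag & 0x3F) != 2 || body.first() != Some(&4) { continue; }
        let hashed_len = ((*body.get(4)? as usize) << 8) | *body.get(5)? as usize;
        let mut sub = body.get(6..6 + hashed_len)?;
        let mut has_prefs = false;
        while !sub.is_empty() {
            let (slen, used) = read_len(sub, 254)?;
            let ty = *sub.get(used..used + slen)?.first()? & 0x7F; // drop critical bit
            has_prefs |= ty == PREF_SYM || ty == PREF_HASH;
            sub = &sub[used + slen..];
        }
        out.push((body[1], has_prefs));
    }
    Some(out)
}
/// True if preferences sit on a certification (0x10-0x13) or direct key (0x1F) signature.
fn prefs_visible(data: &[u8]) -> Option<bool> {
    Some(audit(data)?.iter().any(|&(t, p)| p && ((0x10..=0x13).contains(&t) || t == 0x1F)))
}
/// Constructed sample: minimal v4 signature packet with a dummy signature value.
fn sample_sig(sigtype: u8, h: &[u8]) -> Vec<u8> {
    [&[0xC2, 12 + h.len() as u8, 4, sigtype, 22, 10, 0, h.len() as u8][..], h, &[0, 0, 0xAB, 0xCD, 0, 0][..]].concat()
}
fn main() {
    let old = [sample_sig(0x13, &TIME), sample_sig(0x18, &PREFS)].concat(); // prefs on subkey binding only
    let new = [sample_sig(0x1F, &PREFS), sample_sig(0x13, &PREFS), sample_sig(0x18, &TIME)].concat();
    println!("old layout: {:?}, new layout: {:?}", prefs_visible(&old), prefs_visible(&new));
}
```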