buildKey(): Use BC KeyGenerator, but apply PGPainless algorithm preferences

pgpainless-core/src/main/kotlin/org/pgpainless/PGPainless.kt

@@ -19,6 +19,7 @@ import org.bouncycastle.openpgp.api.OpenPGPKeyReader
 import org.bouncycastle.openpgp.api.bc.BcOpenPGPApi
 import org.pgpainless.algorithm.OpenPGPKeyVersion
 import org.pgpainless.bouncycastle.PolicyAdapter
+import org.pgpainless.bouncycastle.helpers.SignatureSubpacketsFunctionHelper
 import org.pgpainless.decryption_verification.DecryptionBuilder
 import org.pgpainless.encryption_signing.EncryptionBuilder
 import org.pgpainless.key.certification.CertifyCertificate
@@ -59,7 +60,21 @@ class PGPainless(
                 implementation, version.numeric, version == OpenPGPKeyVersion.v6, creationTime)
             .apply {
                 val genAlgs = algorithmPolicy.keyGenerationAlgorithmSuite
-                setDefaultFeatures(genAlgs.features.toSignatureSubpacketsFunction(true))
+                // Set default algorithm preferences from AlgorithmSuite
+                setDefaultFeatures(
+                    SignatureSubpacketsFunctionHelper.applyFeatures(true, genAlgs.features))
+                setDefaultSymmetricKeyPreferences(
+                    SignatureSubpacketsFunctionHelper.applySymmetricAlgorithmPreferences(
+                        true, genAlgs.symmetricKeyAlgorithms))
+                setDefaultHashAlgorithmPreferences(
+                    SignatureSubpacketsFunctionHelper.applyHashAlgorithmPreferences(
+                        true, genAlgs.hashAlgorithms))
+                setDefaultCompressionAlgorithmPreferences(
+                    SignatureSubpacketsFunctionHelper.applyCompressionAlgorithmPreferences(
+                        true, genAlgs.compressionAlgorithms))
+                setDefaultAeadAlgorithmPreferences(
+                    SignatureSubpacketsFunctionHelper.applyAEADAlgorithmSuites(
+                        false, genAlgs.aeadAlgorithms))
             }
 
     fun readKey(): OpenPGPKeyReader = api.readKeyOrCertificate()

pgpainless-core/src/main/kotlin/org/pgpainless/algorithm/AlgorithmSuite.kt

@@ -4,8 +4,6 @@
 
 package org.pgpainless.algorithm
 
-import org.bouncycastle.openpgp.api.SignatureSubpacketsFunction
-
 class AlgorithmSuite(
     symmetricKeyAlgorithms: List<SymmetricKeyAlgorithm>?,
     hashAlgorithms: List<HashAlgorithm>?,
@@ -18,16 +16,7 @@ class AlgorithmSuite(
     val hashAlgorithms: Set<HashAlgorithm>? = hashAlgorithms?.toSet()
     val compressionAlgorithms: Set<CompressionAlgorithm>? = compressionAlgorithms?.toSet()
     val aeadAlgorithms: Set<AEADCipherMode>? = aeadAlgorithms?.toSet()
-    val features: FeatureSet = FeatureSet(features.toSet())
+    val features: Set<Feature> = features.toSet()
-
-    class FeatureSet(val features: Set<Feature>) {
-        fun toSignatureSubpacketsFunction(critical: Boolean = true): SignatureSubpacketsFunction {
-            return SignatureSubpacketsFunction {
-                val b = Feature.toBitmask(*features.toTypedArray())
-                it.apply { setFeature(critical, b) }
-            }
-        }
-    }
 
     companion object {
 

pgpainless-core/src/main/kotlin/org/pgpainless/bouncycastle/helpers/SignatureSubpacketsFunctionHelper.kt

@@ -0,0 +1,90 @@
+// SPDX-FileCopyrightText: 2025 Paul Schaub <vanitasvitae@fsfe.org>
+//
+// SPDX-License-Identifier: Apache-2.0
+
+package org.pgpainless.bouncycastle.helpers
+
+import org.bouncycastle.bcpg.sig.PreferredAEADCiphersuites
+import org.bouncycastle.openpgp.api.SignatureSubpacketsFunction
+import org.pgpainless.algorithm.AEADCipherMode
+import org.pgpainless.algorithm.CompressionAlgorithm
+import org.pgpainless.algorithm.Feature
+import org.pgpainless.algorithm.HashAlgorithm
+import org.pgpainless.algorithm.SymmetricKeyAlgorithm
+
+class SignatureSubpacketsFunctionHelper {
+
+    companion object {
+
+        @JvmStatic
+        fun applySymmetricAlgorithmPreferences(
+            critical: Boolean = true,
+            symmetricAlgorithms: Set<SymmetricKeyAlgorithm>?
+        ): SignatureSubpacketsFunction {
+            return symmetricAlgorithms?.let { algorithms ->
+                val algorithmIds = algorithms.map { it.algorithmId }.toIntArray()
+                SignatureSubpacketsFunction {
+                    it.apply { setPreferredSymmetricAlgorithms(critical, algorithmIds) }
+                }
+            }
+                ?: SignatureSubpacketsFunction { it }
+        }
+
+        @JvmStatic
+        fun applyHashAlgorithmPreferences(
+            critical: Boolean = true,
+            hashAlgorithms: Set<HashAlgorithm>?
+        ): SignatureSubpacketsFunction {
+            return hashAlgorithms?.let { algorithms ->
+                val algorithmIds = algorithms.map { it.algorithmId }.toIntArray()
+                SignatureSubpacketsFunction {
+                    it.apply { setPreferredHashAlgorithms(critical, algorithmIds) }
+                }
+            }
+                ?: SignatureSubpacketsFunction { it }
+        }
+
+        @JvmStatic
+        fun applyCompressionAlgorithmPreferences(
+            critical: Boolean = true,
+            compressionAlgorithms: Set<CompressionAlgorithm>?
+        ): SignatureSubpacketsFunction {
+            return compressionAlgorithms?.let { algorithms ->
+                val algorithmIds = algorithms.map { it.algorithmId }.toIntArray()
+                SignatureSubpacketsFunction {
+                    it.apply { setPreferredCompressionAlgorithms(critical, algorithmIds) }
+                }
+            }
+                ?: SignatureSubpacketsFunction { it }
+        }
+
+        @JvmStatic
+        fun applyAEADAlgorithmSuites(
+            critical: Boolean = true,
+            aeadAlgorithms: Set<AEADCipherMode>?
+        ): SignatureSubpacketsFunction {
+            return aeadAlgorithms?.let { algorithms ->
+                SignatureSubpacketsFunction {
+                    val builder = PreferredAEADCiphersuites.builder(critical)
+                    for (ciphermode: AEADCipherMode in algorithms) {
+                        builder.addCombination(
+                            ciphermode.ciphermode.algorithmId, ciphermode.aeadAlgorithm.algorithmId)
+                    }
+                    it.apply { setPreferredAEADCiphersuites(builder) }
+                }
+            }
+                ?: SignatureSubpacketsFunction { it }
+        }
+
+        @JvmStatic
+        fun applyFeatures(
+            critical: Boolean = true,
+            features: Set<Feature>
+        ): SignatureSubpacketsFunction {
+            return SignatureSubpacketsFunction {
+                val b = Feature.toBitmask(*features.toTypedArray())
+                it.apply { setFeature(critical, b) }
+            }
+        }
+    }
+}

pgpainless-core/src/main/kotlin/org/pgpainless/key/modification/secretkeyring/SecretKeyRingEditor.kt

@@ -90,6 +90,7 @@ class SecretKeyRingEditor(var key: OpenPGPKey, override val referenceTime: Date
             }
         builder.hashedSubpackets.apply {
             setKeyFlags(info.getKeyFlagsOf(primaryKey.keyID))
+            hashAlgorithmPreferences
             hashAlgorithmPreferences?.let { setPreferredHashAlgorithms(it) }
             symmetricKeyAlgorithmPreferences?.let { setPreferredSymmetricKeyAlgorithms(it) }
             compressionAlgorithmPreferences?.let { setPreferredCompressionAlgorithms(it) }