SOP encrypt --profile=rfc9580: Only override enc mechanism with seipd2 if exclusively symmetric encryption is used

pgpainless-core/src/main/kotlin/org/pgpainless/encryption_signing/EncryptionOptions.kt

@@ -9,6 +9,7 @@ import org.bouncycastle.openpgp.PGPPublicKeyRing
 import org.bouncycastle.openpgp.api.MessageEncryptionMechanism
 import org.bouncycastle.openpgp.api.OpenPGPCertificate
 import org.bouncycastle.openpgp.api.OpenPGPCertificate.OpenPGPComponentKey
+import org.bouncycastle.openpgp.operator.PBEKeyEncryptionMethodGenerator
 import org.bouncycastle.openpgp.operator.PGPKeyEncryptionMethodGenerator
 import org.pgpainless.PGPainless
 import org.pgpainless.algorithm.EncryptionPurpose
@@ -427,6 +428,9 @@ class EncryptionOptions(private val purpose: EncryptionPurpose, private val api:
 
     fun hasEncryptionMethod() = _encryptionMethods.isNotEmpty()
 
+    fun usesOnlyPasswordBasedEncryption() =
+        _encryptionMethods.all { it is PBEKeyEncryptionMethodGenerator }
+
     internal fun negotiateEncryptionMechanism(): MessageEncryptionMechanism {
         if (encryptionMechanismOverride != null) {
             return encryptionMechanismOverride!!

pgpainless-sop/src/main/kotlin/org/pgpainless/sop/EncryptImpl.kt

@@ -63,7 +63,8 @@ class EncryptImpl(private val api: PGPainless) : Encrypt {
             throw SOPGPException.MissingArg("Missing encryption method.")
         }
 
-        if (profile == RFC9580_PROFILE.name) {
+        if (encryptionOptions.usesOnlyPasswordBasedEncryption() &&
+            profile == RFC9580_PROFILE.name) {
             encryptionOptions.overrideEncryptionMechanism(
                 MessageEncryptionMechanism.aead(
                     SymmetricKeyAlgorithm.AES_128.algorithmId, AEADAlgorithm.OCB.algorithmId))