diff --git a/pgpainless-core/src/main/kotlin/org/pgpainless/key/generation/KeyRingBuilder.kt b/pgpainless-core/src/main/kotlin/org/pgpainless/key/generation/KeyRingBuilder.kt
index 7e8691cc..4619abc6 100644
--- a/pgpainless-core/src/main/kotlin/org/pgpainless/key/generation/KeyRingBuilder.kt
+++ b/pgpainless-core/src/main/kotlin/org/pgpainless/key/generation/KeyRingBuilder.kt
@@ -19,6 +19,7 @@ import org.pgpainless.algorithm.KeyFlag
 import org.pgpainless.algorithm.OpenPGPKeyVersion
 import org.pgpainless.algorithm.SignatureType
 import org.pgpainless.bouncycastle.extensions.unlock
+import org.pgpainless.key.protection.KeyRingProtectionSettings
 import org.pgpainless.policy.Policy
 import org.pgpainless.signature.subpackets.SelfSignatureSubpackets
 import org.pgpainless.signature.subpackets.SignatureSubpackets
@@ -231,10 +232,14 @@ class KeyRingBuilder(
         aead: Boolean
     ): PBESecretKeyEncryptor? {
         check(passphrase.isValid) { "Passphrase was cleared." }
+        val protectionSettings = KeyRingProtectionSettings.secureDefaultSettings()
         return if (passphrase.isEmpty) null
         else
             OpenPGPImplementation.getInstance()
-                .pbeSecretKeyEncryptorFactory(aead)
+                .pbeSecretKeyEncryptorFactory(
+                    aead,
+                    protectionSettings.encryptionAlgorithm.algorithmId,
+                    protectionSettings.s2kCount)
                 .build(passphrase.getChars(), publicKey.publicKeyPacket)
     }
 
diff --git a/pgpainless-core/src/main/kotlin/org/pgpainless/key/protection/BaseSecretKeyRingProtector.kt b/pgpainless-core/src/main/kotlin/org/pgpainless/key/protection/BaseSecretKeyRingProtector.kt
index 56e681ef..708db62d 100644
--- a/pgpainless-core/src/main/kotlin/org/pgpainless/key/protection/BaseSecretKeyRingProtector.kt
+++ b/pgpainless-core/src/main/kotlin/org/pgpainless/key/protection/BaseSecretKeyRingProtector.kt
@@ -47,7 +47,10 @@ open class BaseSecretKeyRingProtector(
             if (it.isEmpty) null
             else
                 OpenPGPImplementation.getInstance()
-                    .pbeSecretKeyEncryptorFactory(false)
+                    .pbeSecretKeyEncryptorFactory(
+                        false,
+                        protectionSettings.encryptionAlgorithm.algorithmId,
+                        protectionSettings.s2kCount)
                     .build(it.getChars(), key.publicKeyPacket)
         }
     }
diff --git a/pgpainless-core/src/main/kotlin/org/pgpainless/key/protection/KeyRingProtectionSettings.kt b/pgpainless-core/src/main/kotlin/org/pgpainless/key/protection/KeyRingProtectionSettings.kt
index c7566f6d..e9cdb973 100644
--- a/pgpainless-core/src/main/kotlin/org/pgpainless/key/protection/KeyRingProtectionSettings.kt
+++ b/pgpainless-core/src/main/kotlin/org/pgpainless/key/protection/KeyRingProtectionSettings.kt
@@ -19,7 +19,8 @@ import org.pgpainless.algorithm.SymmetricKeyAlgorithm
 data class KeyRingProtectionSettings(
     val encryptionAlgorithm: SymmetricKeyAlgorithm,
     val hashAlgorithm: HashAlgorithm,
-    val s2kCount: Int
+    val s2kCount: Int,
+    val aead: Boolean
 ) {
 
     /**
@@ -31,7 +32,7 @@ data class KeyRingProtectionSettings(
      */
     constructor(
         encryptionAlgorithm: SymmetricKeyAlgorithm
-    ) : this(encryptionAlgorithm, HashAlgorithm.SHA1, 0x60)
+    ) : this(encryptionAlgorithm, HashAlgorithm.SHA1, 0x60, false)
 
     init {
         require(encryptionAlgorithm != SymmetricKeyAlgorithm.NULL) {
@@ -50,6 +51,12 @@ data class KeyRingProtectionSettings(
          */
         @JvmStatic
         fun secureDefaultSettings() =
-            KeyRingProtectionSettings(SymmetricKeyAlgorithm.AES_256, HashAlgorithm.SHA256, 0x60)
+            KeyRingProtectionSettings(
+                SymmetricKeyAlgorithm.AES_256, HashAlgorithm.SHA256, 0x60, false)
+
+        @JvmStatic
+        fun aead() =
+            KeyRingProtectionSettings(
+                SymmetricKeyAlgorithm.AES_256, HashAlgorithm.SHA256, 0xff, true)
     }
 }
diff --git a/pgpainless-core/src/test/java/org/pgpainless/key/protection/InvalidProtectionSettingsTest.java b/pgpainless-core/src/test/java/org/pgpainless/key/protection/InvalidProtectionSettingsTest.java
index b0746398..40eb776a 100644
--- a/pgpainless-core/src/test/java/org/pgpainless/key/protection/InvalidProtectionSettingsTest.java
+++ b/pgpainless-core/src/test/java/org/pgpainless/key/protection/InvalidProtectionSettingsTest.java
@@ -15,6 +15,6 @@ public class InvalidProtectionSettingsTest {
     @Test
     public void unencryptedKeyRingProtectionSettingsThrows() {
         assertThrows(IllegalArgumentException.class, () ->
-                new KeyRingProtectionSettings(SymmetricKeyAlgorithm.NULL, HashAlgorithm.SHA256, 0x60));
+                new KeyRingProtectionSettings(SymmetricKeyAlgorithm.NULL, HashAlgorithm.SHA256, 0x60, false));
     }
 }