Delta Chat encrypts to subkey that is not marked with encryption flag

[link2xt]

There is a user that has a key consisting of RSA primary key that is marked for encryption, signing and certification. And there is an authentication RSA subkey. They imported the key into Delta Chat and now receive messages that they cannot decrypt in Thunderbird, because the other side using Delta Chat is encrypting to the subkey (which should not be used for encryption) and Thunderbird tries to decrypt only with the primary key.

It's not recommended to use the same RSA key for encryption and signing at the same time, and Autocrypt specification says there should be a signing-capable primary key and encryption subkey, so this normally does not happen for Delta Chat users.

Here is a key selection function that even has a TODO: https://github.com/deltachat/deltachat-core-rust/blob/0040c17892b0d2c1002800248bf49b455d538a02/src/pgp.rs#L246-L268

[link2xt]

rPGP does not even have a way to get key flags without looking at the packets manually. https://codeberg.org/heiko/rpgpie has some functions for this.

[adbenitez]

FTR the person solved the problem adding a new subkey for encrypting and removing the old subkey marked for authentication

[link2xt]

Just removing an authentication subkey should have worked as well. But it's generally not recommended to use the same key for signing and encryption.