rnp
Consider allowing decryption with sign/certify primary key and/or subkey.
Description
It seems that, in the real world, standards are not always obeyed: https://bugzilla.mozilla.org/show_bug.cgi?id=1865620
So we should consider allowing users to decrypt a message even if it is encrypted by a sign/certify key.
Please don't do that. We use separate keys for signing and encryption for a reason. Even though some implementations may do that, this is just a terrible idea and should be fixed at the sender. Decrypting using signing-only keys is what made the faulty sending implementation get away with it in the first place. Let's not descend into a race to the bottom.
For an example of why we don't do that: All ElGamal signing keys are compromised, and if they are also used for encryption, this breaks confidentiality as well: https://lists.gnupg.org/pipermail/gnupg-announce/2003q4/000160.html
FWIW, I wrote a test for this: https://tests.sequoia-pgp.org/#Non-encryption_recipients
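The strict behaviour argued for in the thread, as an added example that is not rnp's code and not part of the original discussion: a receiver picks decryption keys by their Key Flags (RFC 4880, section 5.2.3.21) and reports, rather than uses, a sign/certify key that a message was addressed to. The `SecretKey` and `Selection` types, the function names and the key IDs are hypothetical and constructed for illustration.

```cpp
#include <cstdint>
#include <string>
#include <vector>

// First octet of the Key Flags signature subpacket (RFC 4880, section 5.2.3.21).
constexpr uint8_t KF_CERTIFY = 0x01, KF_SIGN = 0x02,
                  KF_ENCRYPT_COMMS = 0x04, KF_ENCRYPT_STORAGE = 0x08;
// A PKESK key ID of zero is a wildcard (speculative key ID, section 5.1).
const std::string WILDCARD_ID = "0000000000000000";

// Hypothetical, simplified secret key record; not an rnp type.
struct SecretKey {
    std::string key_id; // constructed sample value
    uint8_t     flags;  // taken from the key's self-signature or binding signature
};

struct Selection {
    std::vector<std::string> usable;  // keys allowed to attempt decryption
    std::vector<std::string> refused; // addressed by the PKESK, but not encryption keys
};

// Strict policy: only keys flagged for encryption may decrypt, even when the
// sender addressed the session key to a sign/certify key.
Selection select_decryption_keys(const std::vector<SecretKey> &keyring,
                                 const std::string &pkesk_key_id)
{
    Selection sel;
    const bool wildcard = (pkesk_key_id == WILDCARD_ID);
    for (const auto &k : keyring) {
        if (!wildcard && k.key_id != pkesk_key_id) continue;
        if (k.flags & (KF_ENCRYPT_COMMS | KF_ENCRYPT_STORAGE)) {
            sel.usable.push_back(k.key_id);
        } else if (!wildcard) {
            // Surface the refusal so the faulty sender can be identified and fixed.
            sel.refused.push_back(k.key_id);
        }
    }
    return sel;
}

// Constructed sample keyring: a certify+sign primary and an encryption subkey.
std::vector<SecretKey> sample_keyring()
{
    return {{"AAAAAAAAAAAAAAAA", KF_CERTIFY | KF_SIGN},
            {"BBBBBBBBBBBBBBBB", KF_ENCRYPT_COMMS | KF_ENCRYPT_STORAGE}};
}
```

A non-empty `refused` list lets the caller show a distinct error ("message was encrypted to a key that is not an encryption key") instead of a generic "no secret key" failure.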