GnuPG fails to parse algorithm preferences (and presumably features) from direct key signatures
Closed, InvalidPublic

Description

While GnuPG correctly constrains the lifetime and keyflags of the primary key using subpackets found in direct signatures, it fails to parse algorithm preferences (and presumably features) from direct key signatures.

$ gpg --edit-key 23F81D59CF68F720             
gpg (GnuPG) 2.2.12; Copyright (C) 2018 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.


pub  ed25519/23F81D59CF68F720
     created: 2019-02-11  expired: 2019-02-25  usage: SCA 
     trust: unknown       validity: expired
[ expired] (1). Joe Sixpack <joe@example.org>

gpg> showpref
[ expired] (1). Joe Sixpack <joe@example.org>
     Cipher: 3DES
     Digest: SHA1
     Compression: ZIP, Uncompressed

gpg>

This is the TPK I tried:

-----BEGIN PGP PUBLIC KEY BLOCK-----

xjMEXGFrtRYJKwYBBAHaRw8BAQdApdENuhSm9FSueg8jw6r1ihe2OEjhllHQz+jD
q+fBR5zChwQfFgoAOQWCXGFrtQKbIwWJABJ1AAIeAwILCQIVChYhBBanP1v8VBgg
6QnrryP4HVnPaPcgCRAj+B1Zz2j3IAAAbbQBAPv2PH0RVPXwIOOoLvXQGLQDWA5p
9ZSZ/PUdEg48b2euAQDq2X1/L6kkJ1ESUjvhJ+w9iweMuMrJqNlmYPofhxgWC80d
Sm9lIFNpeHBhY2sgPGpvZUBleGFtcGxlLm9yZz7CdQQTFgoAJwWCXGFrtRYhBBan
P1v8VBgg6QnrryP4HVnPaPcgCRAj+B1Zz2j3IAAANdYA/0aJokj8mJnPx7mvXA0H
AQIJY8xEaTyGdMqC6u8Bh9nkAP4lkhqEM8qcvEcAhWek6ecmqbOP/78EqO+xPmEm
vQ3SDg==
=vyeV
-----END PGP PUBLIC KEY BLOCK-----

Details

Version
2.2.12
justus created this task.Mar 11 2019, 1:43 PM
werner closed this task as Invalid.Mar 11 2019, 1:58 PM
werner added a subscriber: werner.

That is correct according to the specs:

Implementing software should interpret a self-signature's preference
subpackets as narrowly as possible.  For example, suppose a key has
two user names, Alice and Bob. Suppose that Alice prefers the
symmetric algorithm AES-256, and Bob prefers Camellia-256 or AES-128.
If the software locates this key via Alice's name, then the preferred
algorithm is AES-256; if software locates the key via Bob's name,
then the preferred algorithm is Camellia-256.  If the key is located
by Key ID, the algorithm of the primary User ID of the key provides
the preferred symmetric algorithm.

Given that user ids with self-signatures are mandatory in gpg there is no reason to consult direct key signatures.