mirror of
https://github.com/openpgpjs/openpgpjs.git
synced 2025-11-23 22:15:52 +00:00
d3e75de23d
In `openpgp.sign`, the signing key preferences are considered instead, since no "recipient keys" are available. The hash algo selection logic has been reworked as follows: if `config.preferredHashAlgo` appears in the prefs of all recipients, we pick it; otherwise, we use the strongest supported algo (note: SHA256 is always implicitly supported by all keys), as long as it is compatible with the signing key (e.g. ECC keys require minimum digest sizes). Previously, only the preferences of the signing key were used to determine the hash algo to use, but this is in contrast to the RFC: https://www.rfc-editor.org/rfc/rfc9580.html#section-5.2.3.16-2 . Also, an algo stronger than `config.preferredHashAlgo` would be used, if the signing key declared it as first preference. With this change, `config.preferredHashAlgo` is picked even if it's weaker than the preferences of the recipient keys.