Proofmode is generating OpenPGP keys with deprecated RSA public key packets

[b1rger]

Hi, while doing some statistics on the keys on the keyservers, I stumbled upon roughly 3000 keys with the UserID noone@proofmode.witness.org. All those keys are public keys with an RSA Sign-Only Public-Key packet. According to RFC4880 such keys should not be generated:

There are algorithm types for RSA Sign-Only, and RSA Encrypt-Only keys. These types are deprecated. The "key flags" subpacket in a signature is a much better way to express the same idea, and generalizes it to all algorithms. An implementation SHOULD NOT create such a key, but MAY interpret it.

I think the problem is in https://github.com/guardianproject/proofmode/blob/b6662e0e2f13e95570dacba27c14c0e8d13030c1/android-libproofmode/src/main/java/org/witness/proofmode/crypto/PgpUtils.java#L210-L211
where the constants RSA_SIGN and RSA_ENCRYPT are being used instead of RSA_GENERAL.

[n8fr8]

Excellent find, thanks!