fix: configure hash_alg based on signing key type

Don't set a default HashAlgorithm: not all combinations are legal (e.g. SHA256 and NIST P-521 will error on use).

src/composed/key/public.rs

@@ -112,6 +112,7 @@ impl PublicSubkey {
         let config = SignatureConfigBuilder::default()
             .typ(SignatureType::SubkeyBinding)
             .pub_alg(sec_key.algorithm())
+            .hash_alg(sec_key.hash_alg())
             .hashed_subpackets(hashed_subpackets)
             .unhashed_subpackets(vec![Subpacket::regular(SubpacketData::Issuer(
                 sec_key.key_id(),

src/composed/key/secret.rs

@@ -103,6 +103,7 @@ impl SecretSubkey {
         let config = SignatureConfigBuilder::default()
             .typ(SignatureType::SubkeyBinding)
             .pub_alg(sec_key.algorithm())
+            .hash_alg(sec_key.hash_alg())
             .hashed_subpackets(hashed_subpackets)
             .unhashed_subpackets(vec![Subpacket::regular(SubpacketData::Issuer(
                 sec_key.key_id(),

src/composed/key/shared.rs

@@ -89,6 +89,7 @@ impl KeyDetails {
             let config = SignatureConfigBuilder::default()
                 .typ(SignatureType::CertGeneric)
                 .pub_alg(key.algorithm())
+                .hash_alg(key.hash_alg())
                 .hashed_subpackets(hashed_subpackets)
                 .unhashed_subpackets(vec![Subpacket::regular(SubpacketData::Issuer(
                     key.key_id(),
@@ -109,6 +110,7 @@ impl KeyDetails {
                     let config = SignatureConfigBuilder::default()
                         .typ(SignatureType::CertGeneric)
                         .pub_alg(key.algorithm())
+                        .hash_alg(key.hash_alg())
                         .hashed_subpackets(vec![
                             Subpacket::regular(SubpacketData::SignatureCreationTime(
                                 chrono::Utc::now().trunc_subsecs(0),

src/packet/public_key_macro.rs

@@ -141,6 +141,7 @@ macro_rules! impl_public_key {
 
                 config
                     .pub_alg(key.algorithm())
+                    .hash_alg(key.hash_alg())
                     .hashed_subpackets(vec![$crate::packet::Subpacket::regular(
                         $crate::packet::SubpacketData::SignatureCreationTime(
                             chrono::Utc::now().trunc_subsecs(0),

src/packet/secret_key_macro.rs

@@ -138,6 +138,7 @@ macro_rules! impl_secret_key {
 
                 config
                     .pub_alg(key.algorithm())
+                    .hash_alg(key.hash_alg())
                     .hashed_subpackets(vec![$crate::packet::Subpacket::regular(
                         $crate::packet::SubpacketData::SignatureCreationTime(
                             chrono::Utc::now().trunc_subsecs(0),

src/packet/signature/config.rs

@@ -18,8 +18,6 @@ pub struct SignatureConfig {
     pub version: SignatureVersion,
     pub typ: SignatureType,
     pub pub_alg: PublicKeyAlgorithm,
-
-    #[builder(default)]
     pub hash_alg: HashAlgorithm,
 
     pub unhashed_subpackets: Vec<Subpacket>,

src/packet/user_attribute.rs

@@ -68,6 +68,7 @@ impl UserAttribute {
         let config = SignatureConfigBuilder::default()
             .typ(SignatureType::CertGeneric)
             .pub_alg(key.algorithm())
+            .hash_alg(key.hash_alg())
             .hashed_subpackets(vec![Subpacket::regular(
                 SubpacketData::SignatureCreationTime(Utc::now().trunc_subsecs(0)),
             )])

src/packet/user_id.rs

@@ -45,6 +45,7 @@ impl UserId {
         let config = SignatureConfigBuilder::default()
             .typ(SignatureType::CertGeneric)
             .pub_alg(key.algorithm())
+            .hash_alg(key.hash_alg())
             .hashed_subpackets(vec![Subpacket::regular(
                 SubpacketData::SignatureCreationTime(Utc::now().trunc_subsecs(0)),
             )])