S2K is a seperate concept and is used in both secret key packets and SymmetricallyEncryptedSessionKey packets. It should have its own parser and thus its own type. This also cleans up the SecretKeyPacket record considerably (the many Maybe fields were a smell). SecretKeyPacket.s2k should be set to (Just $ SimpleS2K MD5) in fallback cases. symmetric_algorithm should be set to Unencrypted when s2k_useage is 0. s2k_useage itself is only needed for the different between 255 and 254 (different checksum). Round trip encode/decode tests for S2K work.