dkg
commented
1 year ago While this code looks technically correct, it'd probably be better to include a test that shows that encrypting to such an old key works.
However, in the course of looking into making a test, i have to ask whether this is a concretely useful change, or just something that makes the OpenPGP ecosystem worse.
RSA encrypt-only and RSA sign-only keys were formally deprecated ("SHOULD NOT be generated") in RFC 4880, released in November 2007, over 15 years ago.
I don't know of any public key material that is that old that is a good idea to still encrypt to in practice.
For archival purposes, i can see why you might want a test that enables decryption of material with such a secret key, but in general i don't think it's a good idea to enable encryption now, in 2023.
keys made with the RSAEncrypt usage flag should be usable for encryption. keys nowadays are made with the RSAEncryptOrSign but older keys are not.