gpg: use policy URI subpacket for marking our public keys

keybase.io does not support experimental/private subpacket IDs

trezor_agent/gpg/decode.py

@@ -127,7 +127,9 @@ def _parse_signature(stream):
         log.debug('embedded sigs: %s', embedded)
         p['embedded'] = embedded
 
-    p['_is_custom'] = (protocol.CUSTOM_SUBPACKET in p['unhashed_subpackets'])
+    # Detect our custom public keys by matching subpacket data
+    p['_is_custom'] = any(protocol.CUSTOM_KEY_LABEL == subpacket[1:]
+                          for subpacket in p['unhashed_subpackets'])
 
     p['hash_prefix'] = stream.readfmt('2s')
     if p['pubkey_alg'] in ECDSA_ALGO_IDS:

trezor_agent/gpg/protocol.py

@@ -167,7 +167,9 @@ SUPPORTED_CURVES = {
 
 ECDH_ALGO_ID = 18
 
-CUSTOM_SUBPACKET = subpacket(100, b'TREZOR-GPG')  # marks "our" pubkey
+CUSTOM_KEY_LABEL = b'TREZOR-GPG'  # marks "our" pubkey
+CUSTOM_SUBPACKET_ID = 26  # use "policy URL" subpacket
+CUSTOM_SUBPACKET = subpacket(CUSTOM_SUBPACKET_ID, CUSTOM_KEY_LABEL)
 
 
 def get_curve_name_by_oid(oid):