Bug#978990: "hokey lint" fails to identify cross-signature on ed25519 signing-capable subkey
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Fri Jan 1 18:50:02 GMT 2021
Package: hopenpgp-tools
Version: 0.23.1-1+b1
My ed25519/cv25519 OpenPGP certificate (attached) gets a complaint from
"hokey lint" that the signing-capable subkey does not have an embedded
cross cert.
In particular, the line is:
embedded cross-cert: False
which shows up twice. (It should only show up once, for the
encryption-capable cv25519 subkey -- it should *not* show up for the
ed25519 signing-capable subkey.)
However, the embedded cross cert is there, because gpg --list-packets
(on the same data) says:
critical hashed subpkt 32 len 189 (signature: v4, class 0x19, algo 22, digest algo 10)
I note that GnuPG typically creates these cross-certs in the unhashed
subpacket section, and doesn't mark them as "critical". Maybe "hokey
lint" doesn't recognize the cross-cert because of its
placement/positioning?
Thanks for working on hopenpgp-tools!
--dkg
PS: here's a transcript with the relevant error message underlined with ^^^^s
```
0 dkg at alice:~$ gpg --export C29F8A0C01F35E34D816AA5CE092EB3A5CA10DBA | hokey lint
hokey (hopenpgp-tools) 0.23.1
Copyright (C) 2012-2019 Clint Adams
hokey comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under certain conditions.
Key has potential validity: good
Key has fingerprint: C29F 8A0C 01F3 5E34 D816 AA5C E092 EB3A 5CA1 0DBA
Checking to see if key is OpenPGPv4: V4
Checking to see if key is RSA or DSA (>= 2048-bit): EdDSA 256
Checking user-ID- and user-attribute-related items:
<dkg at debian.org>:
Self-sig hash algorithms: [SHA-512]
Preferred hash algorithms: [SHA-512, SHA-256]
Key expiration times: [2y11m26d59400s = Sun Dec 24 16:22:55 UTC 2023]
Key usage flags: [[certify-keys]]
<dkg at fifthhorseman.net>:
Self-sig hash algorithms: [SHA-512]
Preferred hash algorithms: [SHA-512, SHA-256]
Key expiration times: [2y11m26d59400s = Sun Dec 24 16:22:55 UTC 2023]
Key usage flags: [[certify-keys]]
Daniel Kahn Gillmor:
Self-sig hash algorithms: [SHA-512]
Preferred hash algorithms: [SHA-512, SHA-256]
Key expiration times: [2y11m26d59400s = Sun Dec 24 16:22:55 UTC 2023]
Key usage flags: [[certify-keys]]
Checking subkeys:
one of the subkeys is encryption-capable: True
fpr: 2DB5 491C 9DF0 DC8F 4328 63CF 3E9D 7173 71DE 565C
version: v4
timestamp: 20201227-162255
algo/size: EdDSA 256
binding sig hash algorithms: [SHA-512]
usage flags: [[sign-data]]
embedded cross-cert: False
^^^^^^^^^^^^^^^^^^^^^^^^^^
cross-cert hash algorithms: [SHA-512]
fpr: 61C1 E3C2 410D 201D DB6F 8168 4C39 437E A528 5697
version: v4
timestamp: 20201227-162255
algo/size: ECDH 256
binding sig hash algorithms: [SHA-512]
usage flags: [[encrypt-storage, encrypt-communications]]
embedded cross-cert: False
cross-cert hash algorithms: [SHA-512]
0 dkg at alice:~$
```
-------------- next part --------------
A non-text attachment was scrubbed...
Name: dkg-openpgp-2021.pgp
Type: application/pgp-keys
Size: 2354 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-haskell-maintainers/attachments/20210101/7b55a39d/attachment.key>
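An added check, not code from this report or from hopenpgp-tools: a minimal parser that walks both the hashed and the unhashed subpacket areas of a v4 subkey binding signature looking for subpacket 32 (Embedded Signature) that wraps a class 0x19 signature, so the cross-cert is found whichever area it was placed in and whether or not it is flagged critical. The packets at the bottom are constructed samples (a creation-time subpacket only, MPIs omitted); the constant and function names are my own.

```python
# Subpacket type 32 (Embedded Signature) wraps the 0x19 cross-cert; it may sit
# in the hashed or the unhashed area of the 0x18 subkey binding signature.
EMBEDDED_SIGNATURE = 32
PRIMARY_KEY_BINDING = 0x19
SUBKEY_BINDING = 0x18

def parse_subpackets(area: bytes):
    """Yield (type, critical, body) per subpacket (RFC 4880 5.2.3.1 lengths)."""
    i = 0
    while i < len(area):
        if area[i] < 192:                       # one-octet length
            length, i = area[i], i + 1
        elif area[i] < 255:                     # two-octet length
            length, i = ((area[i] - 192) << 8) + area[i + 1] + 192, i + 2
        else:                                   # five-octet length
            length, i = int.from_bytes(area[i + 1:i + 5], "big"), i + 5
        tag = area[i]                           # length counts this type octet
        yield tag & 0x7F, bool(tag & 0x80), area[i + 1:i + length]
        i += length

def split_v4_signature(body: bytes):
    """Return (sig_type, hashed_area, unhashed_area) of a v4 signature body."""
    if body[0] != 4:
        raise ValueError("only v4 signatures are handled here")
    hlen = int.from_bytes(body[4:6], "big")
    ulen = int.from_bytes(body[6 + hlen:8 + hlen], "big")
    return body[1], body[6:6 + hlen], body[8 + hlen:8 + hlen + ulen]

def find_cross_cert(binding_sig: bytes):
    """Return (area, critical) of the first embedded 0x19 signature, else None."""
    _, hashed, unhashed = split_v4_signature(binding_sig)
    for area, data in (("hashed", hashed), ("unhashed", unhashed)):
        for tag, critical, sub in parse_subpackets(data):
            if tag == EMBEDDED_SIGNATURE and sub[:2] == bytes([4, PRIMARY_KEY_BINDING]):
                return area, critical
    return None

# Constructed sample packets (not the reporter's certificate); MPIs omitted.
def subpacket(tag, body, critical=False):   # one-octet lengths suffice here
    return bytes([len(body) + 1, tag | (0x80 if critical else 0)]) + body
def v4_sig(sig_type, hashed=b"", unhashed=b""):   # EdDSA (22), SHA-512 (10)
    return (bytes([4, sig_type, 22, 10]) + len(hashed).to_bytes(2, "big") + hashed
            + len(unhashed).to_bytes(2, "big") + unhashed + b"\x00\x00")

CREATED = subpacket(2, b"\x5f\xe8\xaf\x0f")            # constructed creation time
BACKSIG = v4_sig(PRIMARY_KEY_BINDING, CREATED)
GNUPG_STYLE = v4_sig(SUBKEY_BINDING, CREATED, subpacket(EMBEDDED_SIGNATURE, BACKSIG))
CRITICAL_HASHED = v4_sig(SUBKEY_BINDING, CREATED + subpacket(EMBEDDED_SIGNATURE, BACKSIG, True))
ENCRYPTION_ONLY = v4_sig(SUBKEY_BINDING, CREATED)
```

A lint that only inspects one of the two areas, or that rejects an unknown critical subpacket before looking inside it, reports "embedded cross-cert: False" for the second sample even though the back-signature is present.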