diff --git a/libs/netpgp/src/signature.c b/libs/netpgp/src/signature.c
index 463f36c2..531e3166 100644
--- a/libs/netpgp/src/signature.c
+++ b/libs/netpgp/src/signature.c
@@ -909,6 +909,7 @@ pgp_add_key_flags(pgp_create_sig_t *sig, uint8_t flags)
     pgp_write_scalar(sig->output, (unsigned int)flags, 1);
 }
 
+#if 0 ///////
 unsigned
 pgp_add_key_prefs(pgp_create_sig_t *sig)
 {
@@ -927,16 +928,17 @@ pgp_add_key_prefs(pgp_create_sig_t *sig)
         /* Hash algo prefs */
         pgp_write_ss_header(sig->output, 6, PGP_PTAG_SS_PREFERRED_HASH) &&
         pgp_write_scalar(sig->output, PGP_HASH_SHA256, 1) &&
+        pgp_write_scalar(sig->output, PGP_HASH_SHA1, 1) &&
         pgp_write_scalar(sig->output, PGP_HASH_SHA384, 1) &&
         pgp_write_scalar(sig->output, PGP_HASH_SHA512, 1) &&
         pgp_write_scalar(sig->output, PGP_HASH_SHA224, 1) &&
-        pgp_write_scalar(sig->output, PGP_HASH_SHA1, 1) && // Edit for Autocrypt/Delta Chat: due to the weak SHA1, it should not be preferred
 
         /* Compression algo prefs */
-        pgp_write_ss_header(sig->output, 2/*1+number of following items*/, PGP_PTAG_SS_PREF_COMPRESS) &&
-        pgp_write_scalar(sig->output, PGP_C_ZLIB, 1) /*&& -- not sure if Delta Chat will support bzip2 on all platforms, however, this is not that important as typical files are compressed themselves and text is not that big
-        pgp_write_scalar(sig->output, PGP_C_BZIP2, 1) -- if you re-enable this, do not forget to modifiy the header count*/;
+        pgp_write_ss_header(sig->output, 3, PGP_PTAG_SS_PREF_COMPRESS) &&
+        pgp_write_scalar(sig->output, PGP_C_ZLIB, 1) &&
+        pgp_write_scalar(sig->output, PGP_C_BZIP2, 1);
 }
+#endif //////
 
 unsigned
 pgp_add_key_features(pgp_create_sig_t *sig)
diff --git a/src/mre2ee_driver_openssl.c b/src/mre2ee_driver_openssl.c
index 5a4cd114..1d2706b5 100644
--- a/src/mre2ee_driver_openssl.c
+++ b/src/mre2ee_driver_openssl.c
@@ -93,9 +93,36 @@ void mre2ee_driver_exit(mrmailbox_t* mailbox)
  ******************************************************************************/
 
 
+static unsigned add_key_prefs(pgp_create_sig_t *sig)
+{
+    /* similar to pgp_add_key_prefs(), Mimic of GPG default settings, limited to supported algos */
+    return
+        /* Symmetric algo prefs */
+        pgp_write_ss_header(sig->output, 6, PGP_PTAG_SS_PREFERRED_SKA) &&
+        pgp_write_scalar(sig->output, PGP_SA_AES_256, 1) &&
+        pgp_write_scalar(sig->output, PGP_SA_AES_128, 1) &&
+        pgp_write_scalar(sig->output, PGP_SA_CAST5, 1) &&
+        pgp_write_scalar(sig->output, PGP_SA_TRIPLEDES, 1) &&
+        pgp_write_scalar(sig->output, PGP_SA_IDEA, 1) &&
+
+        /* Hash algo prefs, the first algo is the preferred algo */
+        pgp_write_ss_header(sig->output, 6, PGP_PTAG_SS_PREFERRED_HASH) &&
+        pgp_write_scalar(sig->output, PGP_HASH_SHA256, 1) &&
+        pgp_write_scalar(sig->output, PGP_HASH_SHA384, 1) &&
+        pgp_write_scalar(sig->output, PGP_HASH_SHA512, 1) &&
+        pgp_write_scalar(sig->output, PGP_HASH_SHA224, 1) &&
+        pgp_write_scalar(sig->output, PGP_HASH_SHA1, 1) && /* Edit for Autocrypt/Delta Chat: due to the weak SHA1, it should not be preferred */
+
+        /* Compression algo prefs */
+        pgp_write_ss_header(sig->output, 2/*1+number of following items*/, PGP_PTAG_SS_PREF_COMPRESS) &&
+        pgp_write_scalar(sig->output, PGP_C_ZLIB, 1) /*&& -- not sure if Delta Chat will support bzip2 on all platforms, however, this is not that important as typical files are compressed themselves and text is not that big
+        pgp_write_scalar(sig->output, PGP_C_BZIP2, 1) -- if you re-enable this, do not forget to modifiy the header count*/;
+}
+
+
 static void add_selfsigned_userid(pgp_key_t *skey, pgp_key_t *pkey, const uint8_t *userid, time_t key_expiry)
 {
-	/* close to pgp_add_selfsigned_userid() which, however, uses different key flags */
+	/* similar to pgp_add_selfsigned_userid() which, however, uses different key flags */
 	pgp_create_sig_t	*sig;
 	pgp_subpacket_t	 sigpacket;
 	pgp_memory_t		*mem_sig = NULL;
@@ -110,8 +137,8 @@ static void add_selfsigned_userid(pgp_key_t *skey, pgp_key_t *pkey, const uint8_
 	pgp_add_issuer_keyid(sig, skey->pubkeyid);
 	pgp_add_primary_userid(sig, 1);
 	pgp_add_key_flags(sig, PGP_KEYFLAG_SIGN_DATA|PGP_KEYFLAG_CERT_KEYS);
-	pgp_add_key_prefs(sig);
-	pgp_add_key_features(sig);
+	add_key_prefs(sig);
+	pgp_add_key_features(sig); /* will add 0x01 - modification detection */
 
 	pgp_end_hashed_subpkts(sig);
 
@@ -135,9 +162,9 @@ static void add_selfsigned_userid(pgp_key_t *skey, pgp_key_t *pkey, const uint8_
 }
 
 
-static void add_subkey_binding_structure(pgp_subkeysig_t* p, pgp_key_t* primarykey, pgp_key_t* subkey, pgp_key_t* seckey)
+static void add_subkey_binding_signature(pgp_subkeysig_t* p, pgp_key_t* primarykey, pgp_key_t* subkey, pgp_key_t* seckey)
 {
-	//pgp_subkeysig_t*  p = &pubkey.subkeysigs[pubkey.subkeysigc++];
+	/*add "0x18: Subkey Binding Signature" packet, PGP_SIG_SUBKEY */
 	pgp_create_sig_t* sig;
 	pgp_output_t*     sigoutput = NULL;
 	pgp_memory_t*     mem_sig = NULL;
@@ -148,10 +175,8 @@ static void add_subkey_binding_structure(pgp_subkeysig_t* p, pgp_key_t* primaryk
 	pgp_add_creation_time(sig, time(NULL));
 	pgp_add_key_expiration_time(sig, 0);
 	pgp_add_issuer_keyid(sig, seckey->pubkeyid);
-	//pgp_add_primary_userid(sig, 1); // seems not be needed for "Subkey Binding Signature"
 	pgp_add_key_flags(sig, PGP_KEYFLAG_ENC_STORAGE|PGP_KEYFLAG_ENC_COMM);
-	pgp_add_key_prefs(sig); // algo/hash/compression preferences seems not to be required for subkeys, however, skipping this results in a bad structure
-	//pgp_add_key_features(sig); // will add 0x01 - modification detection, not needed for subkeys
+	add_key_prefs(sig); // algo/hash/compression preferences seems not to be required for subkeys, however, skipping this results in a bad structure
 
 	pgp_end_hashed_subpkts(sig);
 
@@ -215,7 +240,7 @@ int mre2ee_driver_create_keypair(mrmailbox_t* mailbox, const char* addr, mrkey_t
 	}
 
 
-	/* Create public key
+	/* Create public key, bind public subkey to public key
 	------------------------------------------------------------------------ */
 
 	pubkey.type = PGP_PTAG_CT_PUBLIC_KEY;
@@ -224,7 +249,6 @@ int mre2ee_driver_create_keypair(mrmailbox_t* mailbox, const char* addr, mrkey_t
 	pgp_fingerprint(&pubkey.pubkeyfpr, &seckey.key.pubkey, 0);
 	add_selfsigned_userid(&seckey, &pubkey, (const uint8_t*)user_id, 0/*never expire*/);
 
-	/* add subkey to public key and sign it (cmp. pgp_update_subkey()) */
 	EXPAND_ARRAY((&pubkey), subkey);
 	{
 		pgp_subkey_t* p = &pubkey.subkeys[pubkey.subkeyc++];
@@ -233,45 +257,11 @@ int mre2ee_driver_create_keypair(mrmailbox_t* mailbox, const char* addr, mrkey_t
 		memcpy(p->id, subkeyid, PGP_KEY_ID_SIZE);
 	}
 
-	// add "0x18: Subkey Binding Signature" packet, PGP_SIG_SUBKEY, see also pgp_update_subkey()
 	EXPAND_ARRAY((&pubkey), subkeysig);
-	add_subkey_binding_structure(&pubkey.subkeysigs[pubkey.subkeysigc++], &pubkey, &subkey, &seckey);
-	#if 0
-	{
-		pgp_subkeysig_t*  p = &pubkey.subkeysigs[pubkey.subkeysigc++];
-		pgp_create_sig_t* sig;
-		pgp_output_t*     sigoutput = NULL;
-		pgp_memory_t*     mem_sig = NULL;
-
-		sig = pgp_create_sig_new();
-		pgp_sig_start_key_sig(sig, &pubkey.key.pubkey, &subkey.key.pubkey, NULL, PGP_SIG_SUBKEY);
-
-		pgp_add_creation_time(sig, time(NULL));
-		pgp_add_key_expiration_time(sig, 0);
-		pgp_add_issuer_keyid(sig, seckey.pubkeyid);
-		//pgp_add_primary_userid(sig, 1); // seems not be needed for "Subkey Binding Signature"
-		pgp_add_key_flags(sig, PGP_KEYFLAG_ENC_STORAGE|PGP_KEYFLAG_ENC_COMM);
-		pgp_add_key_prefs(sig); // algo/hash/compression preferences seems not to be required for subkeys, however, skipping this results in a bad structure
-		//pgp_add_key_features(sig); // will add 0x01 - modification detection, not needed for subkeys
-
-		pgp_end_hashed_subpkts(sig);
-
-		pgp_setup_memory_write(&sigoutput, &mem_sig, 128);
-		pgp_write_sig(sigoutput, sig, &seckey.key.seckey.pubkey, &seckey.key.seckey);
-
-		p->subkey         = pubkey.subkeyc-1; /* index of subkey in array */
-		p->packet.length  = mem_sig->length;
-		p->packet.raw     = mem_sig->buf; mem_sig->buf = NULL; /* move ownership to packet */
-		copy_sig_info(&p->siginfo, &sig->sig.info); /* not sure, if this is okay, however, siginfo should be set up, otherwise we get "bad info-type" errors */
-
-		pgp_create_sig_delete(sig);
-		pgp_output_delete(sigoutput);
-		free(mem_sig); /* do not use pgp_memory_free() as this would also free mem_sig->buf which is owned by the packet */
-	}
-	#endif
+	add_subkey_binding_signature(&pubkey.subkeysigs[pubkey.subkeysigc++], &pubkey, &subkey, &seckey);
 
 
-	/* Create secret key
+	/* Create secret key, bind secret subkey to secret key
 	------------------------------------------------------------------------ */
 
 	EXPAND_ARRAY((&seckey), subkey);
@@ -283,7 +273,8 @@ int mre2ee_driver_create_keypair(mrmailbox_t* mailbox, const char* addr, mrkey_t
 	}
 
 	EXPAND_ARRAY((&seckey), subkeysig);
-	add_subkey_binding_structure(&seckey.subkeysigs[seckey.subkeysigc++], &seckey, &subkey, &seckey);
+	add_subkey_binding_signature(&seckey.subkeysigs[seckey.subkeysigc++], &seckey, &subkey, &seckey);
+
 
 	/* Done with key generation, write binary keys to memory
 	------------------------------------------------------------------------ */