diff --git a/doc/gpg.texi b/doc/gpg.texi index 9a621c89b..5f93e9f8c 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -3157,6 +3157,13 @@ ML-KEM1024) algorithms and AES-256 are considered quantum-resistant; Kyber is always used in a composite scheme along with a classic ECC algorithm. +@item --disable-pqc-encryption +@opindex disable-pqc-encryption +This option disables the use of quantum-resistant subkeys and uses a +subkey with a non-quantum-resistant algorithm if available or throw an +error otherwise. The option is ignored if +@option{--require-pqc-encryption} is active. + @item --require-compliance @opindex require-compliance To check that data has been encrypted according to the rules of the diff --git a/doc/keyformat.txt b/doc/keyformat.txt index dadfed4eb..912e65dd9 100644 --- a/doc/keyformat.txt +++ b/doc/keyformat.txt @@ -89,6 +89,10 @@ The UTC time the key was created in ISO compressed format (yyyymmddThhmmss). This information can be used to re-create an OpenPGP key. +*** Link +For a composite key this item gives the keygrip of the other key part. +In particular Kyber keys may use this to link to the ECC part and vice versa. + *** Label This is a short human readable description for the key which can be used by the software to describe the key in a user interface. For diff --git a/g10/getkey.c b/g10/getkey.c index a5effb606..a841aeec8 100644 --- a/g10/getkey.c +++ b/g10/getkey.c @@ -3804,6 +3804,14 @@ finish_lookup (kbnode_t keyblock, unsigned int req_usage, int want_exact, req_usage, pk->pubkey_usage); continue; } + if (opt.flags.disable_pqc_encryption + && pk->pubkey_algo == PUBKEY_ALGO_KYBER) + { + if (DBG_LOOKUP) + log_debug ("\tsubkey skipped due to option %s\n", + "--disable-pqc-encryption"); + continue; + } n_subkeys++; if (pk->flags.revoked) diff --git a/g10/gpg.c b/g10/gpg.c index 994b83b94..db898c41d 100644 --- a/g10/gpg.c +++ b/g10/gpg.c @@ -461,6 +461,7 @@ enum cmd_and_opt_values oAssertPubkeyAlgo, oKbxBufferSize, oRequirePQCEncryption, + oDisablePQCEncryption, oProcAllSigs, oNoop @@ -907,6 +908,7 @@ static gpgrt_opt_t opts[] = { ARGPARSE_s_s (oDigestAlgo, "digest-algo", "@"), ARGPARSE_s_s (oCertDigestAlgo, "cert-digest-algo", "@"), ARGPARSE_s_n (oRequirePQCEncryption, "require-pqc-encryption", "@"), + ARGPARSE_s_n (oDisablePQCEncryption, "disable-pqc-encryption", "@"), ARGPARSE_header (NULL, N_("Options for unattended use")), @@ -3095,6 +3097,11 @@ main (int argc, char **argv) case oMinRSALength: opt.min_rsa_length = pargs.r.ret_ulong; break; case oRequirePQCEncryption: opt.flags.require_pqc_encryption = 1; + opt.flags.disable_pqc_encryption = 0; + break; + case oDisablePQCEncryption: + if (!opt.flags.require_pqc_encryption) + opt.flags.disable_pqc_encryption = 1; break; case oRFC2440Text: opt.rfc2440_text=1; break; diff --git a/g10/options.h b/g10/options.h index 6f5017196..89f04526f 100644 --- a/g10/options.h +++ b/g10/options.h @@ -308,6 +308,9 @@ struct unsigned int require_compliance:1; /* Fail encryption unless a PQC algorithm is used. */ unsigned int require_pqc_encryption:1; + /* Do not use PQC subkeys for encryption. This is never set if + * require_pqc_encryption is also set. */ + unsigned int disable_pqc_encryption:1; /* Process all signatures even in batch mode. */ unsigned int proc_all_sigs:1; } flags;