security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-07-03 22:56:33 +02:00
Code Activity

gpg: New option --disable-pqc-encryption.

Browse source 
* g10/options.h (flags): Add field disable_pqc_encryption.
* g10/gpg.c (oDisablePQCEncryption): New.
(opts): Add --option.
(main): Set option.
* g10/getkey.c (finish_lookup): Skip subkeys if option is set.
--

This option can be used to avoid the use of Kyber encryption subkeys
if this does not make sense (i.e. protection of local files).
This commit is contained in:
Werner Koch 2025-02-06 17:45:23 +01:00
parent da9fb6bd16
commit 00c31f8b04
No known key found for this signature in database
GPG key ID: E3FDFF218E45B72B
5 changed files with 29 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

7
doc/gpg.texi
View file

@ -3157,6 +3157,13 @@ ML-KEM1024) algorithms and AES-256 are considered quantum-resistant;
Kyber is always used in a composite scheme along with a classic ECC
algorithm.
@item --disable-pqc-encryption
@opindex disable-pqc-encryption
This option disables the use of quantum-resistant subkeys and uses a
subkey with a non-quantum-resistant algorithm if available or throw an
error otherwise. The option is ignored if
@option{--require-pqc-encryption} is active.
@item --require-compliance
@opindex require-compliance
To check that data has been encrypted according to the rules of the