From 12ac129a709c24ec661a9dec02f2c25c1b6e9450 Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Tue, 11 Jun 2024 15:39:00 +0200 Subject: [PATCH] gpg: Allow shortcut algo string "pqc" for --quick-gen-key. * g10/keygen.c (PQC_STD_KEY_PARAM): New. (quickgen_set_para): Always store the provided NBITS. (parse_key_parameter_string): Detect the special value "pqc". (quick_generate_keypair): Ditto. -- With this change we can finally do a gpg --quick-gen-key --batch --passphrase='' foo@example.org pqc and get a full key. Currently with a brainpoolp386r1 primary key and a Kyber768_brainpoolp256 subkey. --- doc/gpg.texi | 14 ++++++++------ g10/keygen.c | 20 ++++++++++++-------- 2 files changed, 20 insertions(+), 14 deletions(-) diff --git a/doc/gpg.texi b/doc/gpg.texi index 203f3339f..b69f39fe9 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -686,12 +686,14 @@ force the creation of the key will show up. If @var{algo} or @var{usage} are given, only the primary key is created and no prompts are shown. To specify an expiration date but -still create a primary and subkey use ``default'' or -``future-default'' for @var{algo} and ``default'' for @var{usage}. -For a description of these optional arguments see the command -@code{--quick-add-key}. The @var{usage} accepts also the value -``cert'' which can be used to create a certification only primary key; -the default is to a create certification and signing key. +still create a primary and a subkey use ``default'', +``future-default'', or ``pqc'' for @var{algo} and ``default'' for +@var{usage}. For a description of these optional arguments see the +command @code{--quick-add-key}; the value ``pqc'' create a key with a +quantum-resistant encryption encryption subkey. The @var{usage} +accepts also the value ``cert'' which can be used to create a +certification only primary key; the default is to a create +certification and signing key. The @var{expire} argument can be used to specify an expiration date for the key. Several formats are supported; commonly the ISO formats diff --git a/g10/keygen.c b/g10/keygen.c index 66fe681de..ff14032c0 100644 --- a/g10/keygen.c +++ b/g10/keygen.c @@ -53,6 +53,7 @@ default answer in ask_algo also needs to be adjusted. */ #define DEFAULT_STD_KEY_PARAM "ed25519/cert,sign+cv25519/encr" #define FUTURE_STD_KEY_PARAM "ed25519/cert,sign+cv25519/encr" +#define PQC_STD_KEY_PARAM "bp384/cert,sign+kyber768_bp256/encr" /* When generating keys using the streamlined key generation dialog, use this as a default expiration interval. */ @@ -4292,6 +4293,8 @@ parse_key_parameter_string (ctrl_t ctrl, else if (!ascii_strcasecmp (string, "future-default") || !ascii_strcasecmp (string, "futuredefault")) string = FUTURE_STD_KEY_PARAM; + else if (!ascii_strcasecmp (string, "pqc")) + string = PQC_STD_KEY_PARAM; else if (!ascii_strcasecmp (string, "card")) string = "card/cert,sign+card/encr"; @@ -5281,14 +5284,14 @@ quickgen_set_para (struct para_data_s *para, int for_subkey, r->next = para; para = r; } - else - { - r = xmalloc_clear (sizeof *r + 20); - r->key = for_subkey? pSUBKEYLENGTH : pKEYLENGTH; - sprintf (r->u.value, "%u", nbits); - r->next = para; - para = r; - } + + /* Always store the size - although not required for ECC it is + * required for compiste algos. Should not harm anyway. */ + r = xmalloc_clear (sizeof *r + 20); + r->key = for_subkey? pSUBKEYLENGTH : pKEYLENGTH; + sprintf (r->u.value, "%u", nbits); + r->next = para; + para = r; r = xmalloc_clear (sizeof *r + 20); r->key = for_subkey? pSUBVERSION : pVERSION; @@ -5394,6 +5397,7 @@ quick_generate_keypair (ctrl_t ctrl, const char *uid, const char *algostr, if ((!*algostr || !ascii_strcasecmp (algostr, "default") || !ascii_strcasecmp (algostr, "future-default") || !ascii_strcasecmp (algostr, "futuredefault") + || !ascii_strcasecmp (algostr, "pqc") || !ascii_strcasecmp (algostr, "card")) && (!*usagestr || !ascii_strcasecmp (usagestr, "default") || !strcmp (usagestr, "-")))