security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-07-02 22:46:30 +02:00
Code Activity

gpg: New option --require-pqc-encryption

Browse source 
* g10/gpg.c (oRequirePQCEncryption): New.
(opts): Add option.
(main): Set option.
* g10/mainproc.c (print_pkenc_list): Print a warning.
* g10/options.h (flags): Add flag require_pqc_encryption.
* g10/getkey.c (finish_lookup): Skip non-pqc keys if the option is
set.
--

GnuPG-bug-id: 6815
This commit is contained in:
Werner Koch 2024-04-24 09:56:30 +02:00
parent a45243548e
commit 2958e5e4cf
No known key found for this signature in database
GPG key ID: E3FDFF218E45B72B
5 changed files with 36 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

9
doc/gpg.texi
View file

@ -3146,6 +3146,15 @@ This option adjusts the compliance mode "de-vs" for stricter key size
requirements. For example, a value of 3000 turns rsa2048 and dsa2048
keys into non-VS-NfD compliant keys.
@item --require-pqc-encryption
@opindex require-pqc-encryption
This option forces the use of quantum-resistant encryption algorithms.
If not all public keys are quantum-resistant the encryption will fail.
On decryption a warning is printed for all non-quantum-resistant keys.
As of now the Kyber (ML-KEM768 and ML-KEM1024) algorithms are
considered quantum-resistant; Kyber is always used in a composite
scheme along with a classic ECC algorithm.
@item --require-compliance
@opindex require-compliance
To check that data has been encrypted according to the rules of the