
gpg: New option --require-pqc-encryption

* g10/gpg.c (oRequirePQCEncryption): New.
(opts): Add option.
(main): Set option.
* g10/mainproc.c (print_pkenc_list): Print a warning.
* g10/options.h (flags): Add flag require_pqc_encryption.
* g10/getkey.c (finish_lookup): Skip non-pqc keys if the option is
set.
--

GnuPG-bug-id: 6815
Werner Koch 2024-04-24 09:56:30 +02:00
parent a45243548e
commit 2958e5e4cf
No known key found for this signature in database
GPG key ID: E3FDFF218E45B72B
5 changed files with 36 additions and 1 deletions


@ -3779,6 +3779,16 @@ finish_lookup (kbnode_t keyblock, unsigned int req_usage, int want_exact,
continue;
}
if (opt.flags.require_pqc_encryption
&& (req_usage & PUBKEY_USAGE_ENC)
&& pk->pubkey_algo != PUBKEY_ALGO_KYBER)
{
if (DBG_LOOKUP)
log_debug ("\tsubkey is not quantum-resistant\n");
continue;
}
if (want_secret)
{
int secret_key_avail = agent_probe_secret_key (NULL, pk);
@ -3857,6 +3867,13 @@ finish_lookup (kbnode_t keyblock, unsigned int req_usage, int want_exact,
if (DBG_LOOKUP)
log_debug ("\tprimary key has expired\n");
}
else if (opt.flags.require_pqc_encryption
&& (req_usage & PUBKEY_USAGE_ENC)
&& pk->pubkey_algo != PUBKEY_ALGO_KYBER)
{
if (DBG_LOOKUP)
log_debug ("\tprimary key is not quantum-resistant\n");
}
else /* Okay. */
{
if (DBG_LOOKUP)
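Review bot: The quantum-resistance test `pk->pubkey_algo != PUBKEY_ALGO_KYBER` is written out twice, once in the subkey loop and once in the primary-key branch, so any later PQC encryption algorithm has to be added in both places or one of the two paths will keep rejecting it. Moving the three-line condition into a single static predicate, or at least adding a comment such as `/* Keep in sync with the subkey check in the loop above. */` on the primary-key branch, would keep the policy in one place. Both rejections are reported only under `DBG_LOOKUP`, so a user whose recipient key has no Kyber subkey will presumably see only the generic lookup failure; a non-debug diagnostic that names --require-pqc-encryption may be worth adding. finish_lookup begins and ends outside these hunks, so how the skipped keys are finally reported cannot be confirmed from here.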