security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-01-24 15:17:02 +01:00
Code Activity

gpg: Force the use of AES-256 in some cases

Browse Source 
* g10/encrypt.c (create_dek_with_warnings): Forcefully use AES-256 if
PQC encryption was required or if all recipient keys are Kyber keys.
--

If --require-pqc-encryption was set, then it should be safe to always
force AES-256, without even checking if we are encrypting to Kyber keys
(if some recipients do not have Kyber keys, --require-pqc-encryption
will fail elsewhere).

Otherwise, we force AES-256 if we encrypt *only* to Kyber keys -- unless
the user explicitly requested another algo, in which case we assume they
know what they are doing.

GnuPG-bug-id: 7472
Signed-off-by: Damien Goutte-Gattat <dgouttegattat@incenp.org>

Man page entry extended

Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
Damien Goutte-Gattat via Gnupg-devel 2025-01-03 20:59:58 +00:00 committed by Werner Koch
parent 80828512b6
commit 72e3fddbfe
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
2 changed files with 25 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
doc/gpg.texi
View File

@ -3149,10 +3149,12 @@ keys into non-VS-NfD compliant keys.
@opindex require-pqc-encryption @opindex require-pqc-encryption
This option forces the use of quantum-resistant encryption algorithms. This option forces the use of quantum-resistant encryption algorithms.
If not all public keys are quantum-resistant the encryption will fail. If not all public keys are quantum-resistant the encryption will fail.
On decryption a warning is printed for all non-quantum-resistant keys. The use of the symmetric encryption algorithm AES-256 is also enforced
As of now the Kyber (ML-KEM768 and ML-KEM1024) algorithms are by this option. On decryption a warning is printed for all
considered quantum-resistant; Kyber is always used in a composite non-quantum-resistant keys. As of now the Kyber (ML-KEM768 and
scheme along with a classic ECC algorithm. ML-KEM1024) algorithms and AES-256 are considered quantum-resistant;
Kyber is always used in a composite scheme along with a classic ECC
algorithm.
@item --require-compliance @item --require-compliance
@opindex require-compliance @opindex require-compliance

19
g10/encrypt.c
View File

@ -139,6 +139,25 @@ create_dek_with_warnings (pk_list_t pk_list)
dek->algo = opt.def_cipher_algo; dek->algo = opt.def_cipher_algo;
} }
if (dek->algo != CIPHER_ALGO_AES256)
{
/* If quantum resistance was explicitly required, we force the
* use of AES256 no matter what. Otherwise, we force AES256 if we
* encrypt to Kyber keys only and the user did not explicity
* request another another algo. */
if (opt.flags.require_pqc_encryption)
dek->algo = CIPHER_ALGO_AES256;
else if (!opt.def_cipher_algo)
{
int non_kyber_pk = 0;
for ( ; pk_list; pk_list = pk_list->next)
if (pk_list->pk->pubkey_algo != PUBKEY_ALGO_KYBER)
non_kyber_pk += 1;
if (!non_kyber_pk)
dek->algo = CIPHER_ALGO_AES256;
}
}
return dek; return dek;
} }