author | Werner Koch <wk@gnupg.org> | 2024-04-24 09:56:30 +0200 |
---|---|---|
committer | Werner Koch <wk@gnupg.org> | 2024-04-24 09:57:07 +0200 |
commit | 2958e5e4cfff8e7e8a8a113dca65dec028deb5aa (patch) | |
tree | 2f950ebbcf95674a6b66942352fdfa0b9744687a /doc | |
parent | agent:kem: Factor out ECC KEM operation from composite KEM. (diff) | |
gpg: New option --require-pqc-encryption
* g10/gpg.c (oRequirePQCEncryption): New.
(opts): Add option.
(main): Set option.
* g10/mainproc.c (print_pkenc_list): Print a warning.
* g10/options.h (flags): Add flag require_pqc_encryption.
* g10/getkey.c (finish_lookup): Skip non-pqc keys if the option is
set.
--
GnuPG-bug-id: 6815
Diffstat (limited to 'doc')
-rw-r--r-- | doc/gpg.texi | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/doc/gpg.texi b/doc/gpg.texi index 10a1937f6..446189b4b 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -3146,6 +3146,15 @@ This option adjusts the compliance mode "de-vs" for stricter key size requirements. For example, a value of 3000 turns rsa2048 and dsa2048 keys into non-VS-NfD compliant keys. +@item --require-pqc-encryption +@opindex require-pqc-encryption +This option forces the use of quantum-resistant encryption algorithms. +If not all public keys are quantum-resistant the encryption will fail. +On decryption a warning is printed for all non-quantum-resistant keys. +As of now the Kyber (ML-KEM768 and ML-KEM1024) algorithms are +considered quantum-resistant; Kyber is always used in a composite +scheme along with a classic ECC algorithm. + @item --require-compliance @opindex require-compliance To check that data has been encrypted according to the rules of the |
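Review bot: The added sentence "On decryption a warning is printed for all non-quantum-resistant keys." in the new @item --require-pqc-encryption entry does not say whether decryption still proceeds or whether the exit status changes, so someone scripting around this option cannot tell from the manual that the requirement is only enforced when encrypting. Suggest stating the decryption outcome explicitly (for example, that the warning is advisory and decryption continues, if that is the intent). The preceding sentence, "If not all public keys are quantum-resistant the encryption will fail.", could also say that "all public keys" means the recipients' encryption keys, and since the commit message notes that finish_lookup skips non-pqc keys, it would help to describe how that failure is reported to the user. Minor: "As of now" will age in a manual; consider naming the release in which Kyber became the only qualifying algorithm.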