Specification for Kyber in GnuPG

Werner Koch wk at gnupg.org
Tue May 7 09:26:01 CEST 2024


On Mon,  6 May 2024 17:24, Simon Josefsson said:

> I haven't chaised the entire chain -- does it bind to the master key
> fingerprint only, or to the Ecc+Kyber subkey too?

You mean the primary key?  No, it does not because that is not intended
by OpenPGP.  Doing so would not allow to move a subkey to another master
key.

> Including the public key in the KEK binding has been discussed before,
> some references:

Only taking the algorithm id is good iff there is one algorithm id per
ECC+ML-KEM combination.  This is not the case here and thus we need to
adjust for it.  Frankly, keeping the algo id is superfluous as it it
also part of the fingerprint but it does not harm either.

The other choice, would be to include the entire public key as in an
early draft, but the fingerprint is easier to describe.


Shalom-Salam,

   Werner

-- 
The pioneers of a warless world are the youth that
refuse military service.             - A. Einstein
-------------- next part --------------
A non-text attachment was scrubbed...
Name: openpgp-digital-signature.asc
Type: application/pgp-signature
Size: 247 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-devel/attachments/20240507/5832d00b/attachment.sig>


More information about the Gnupg-devel mailing list