[PATCH GnuPG 0/2] Allow AES-128 with Kyber, but force AES-256
Damien Goutte-Gattat
dgouttegattat at incenp.org
Fri Jan 3 21:59:56 CET 2025
The following patch set attempts to fix issue 7472 [1] by:
* when decrypting a session key encrypted to a Kyber key, accepting a
session key of any size, and simply printing a warning if quantum
resistance was required;
* when encrypting, force the use of AES-256 (overriding key and user
preferences if needed) if quantum resistance has been requested, or
if we only encrypt to Kyber keys and the user did not explicitly
request a different algo with --cipher-algo.
[1] https://dev.gnupg.org/T7472
Damien Goutte-Gattat (2):
gpg: Allow smaller session keys with Kyber
gpg: Force the use of AES-256 in some cases
g10/encrypt.c | 19 +++++++++++++++++++
g10/pubkey-enc.c | 8 ++------
2 files changed, 21 insertions(+), 6 deletions(-)
--
2.46.2
More information about the Gnupg-devel
mailing list