Opengpg smartcard specs for kyber (PQC) algorithm

Werner Koch wk at gnupg.org
Thu May 8 09:48:55 CEST 2025 

Hi!

On Wed,  7 May 2025 16:23, kevin said:

> support for kyber algorithm. I think with the release of opengpg v2.6
> , kyber algorithm would be in the stable releases stage. So i am
> wondering if this is planned for smart card too or already in the

I have seen a report that Infinion has a new chip with Kyber support. I
guess it will be a long way until this will generally be available.

However, such a smartcard also needs to implement another ECDH capable
algorithm because we use (as per BSI requirement) two public key
algorithms as a safeguard on case that Kyber truns out to have
weaknesses.

If you are interested in smartcard support I would suggest to use a
smartcard with an ECC algorithm and an on-disk Kyber key.  GnuPG 2.5.5
already supports this by allowing to specify the keys used for a new
OpenPGP certificate using two keygrips: At the "Enter the Keygrip:"
prompt give both keygrips delimuted by a command.  For the Kyber part
first create a dummy key (or use gpg-connect-agent to create the Kyber
key part) and use its keygrip along with the keygrip of an on-card ECC
key.

Given the threat of store-now-decrypt-later the Kyber part of the
encryption is sufficient to counter this attack.  The ECC part on the
smartcard the protects the classical attacks.  How if someone gets hold
of your disk and the passphrase it would be more useful for him to get
the plaintext directly and not to wait for the Heffalump.


Shalom-Salam,

   Werner



p.s.
Here is how you can create a plain kyber key which is stored in the
private keys directory.  Leave the --no-protection out if you want to
protect the key with a passphrase.

  $ gpg-connect-agent
  > /let param (genkey(kyber1024))
  > /definq KEYPARAM param
  > /datafile a.pub
  > genkey --no-protection
  S INQUIRE_MAXLEN 1024
  INQUIRE KEYPARAM
  S KEYGRIP EF99623FD1F2F8AE91D305689C769245E5C53DCF
  OK

The public key can be found as an s-expression in a.out.  Do this
without prompst this way:

  $ gpg-connect-agent "/let param (genkey(kyber1024))" \
     "/definq KEYPARAM param" "/datafile a.pub" "genkey --no-protection" /bye




-- 
The pioneers of a warless world are the youth that
refuse military service.             - A. Einstein
-------------- next part --------------
A non-text attachment was scrubbed...
Name: openpgp-digital-signature.asc
Type: application/pgp-signature
Size: 247 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20250508/acb30785/attachment-0001.sig>

More information about the Gnupg-users mailing list