From 2958e5e4cfff8e7e8a8a113dca65dec028deb5aa Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Wed, 24 Apr 2024 09:56:30 +0200
Subject: gpg: New option --require-pqc-encryption

* g10/gpg.c (oRequirePQCEncryption): New.
(opts): Add option.
(main): Set option.
* g10/mainproc.c (print_pkenc_list): Print a warning.
* g10/options.h (flags): Add flag require_pqc_encryption.
* g10/getkey.c (finish_lookup): Skip non-pqc keys if the option is
set.
--

GnuPG-bug-id: 6815
---
 g10/mainproc.c | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'g10/mainproc.c')

diff --git a/g10/mainproc.c b/g10/mainproc.c
index 48bc463c5..91ababbb6 100644
--- a/g10/mainproc.c
+++ b/g10/mainproc.c
@@ -578,6 +578,10 @@ print_pkenc_list (ctrl_t ctrl, struct pubkey_enc_list *list)
                   openpgp_pk_algo_name (list->pubkey_algo),
                   keystr(list->keyid));
 
+      if (opt.flags.require_pqc_encryption
+          && pk->pubkey_algo != PUBKEY_ALGO_KYBER)
+        log_info (_("WARNING: key is not quantum-resistant\n"));
+
       free_public_key (pk);
     }
 }
-- 
cgit v1.2.3