From 00c31f8b04a41dcf1ee8f57e1225e12c999a37a9 Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Thu, 6 Feb 2025 17:45:23 +0100
Subject: gpg: New option --disable-pqc-encryption.

* g10/options.h (flags): Add field disable_pqc_encryption.
* g10/gpg.c (oDisablePQCEncryption): New.
(opts): Add --option.
(main): Set option.
* g10/getkey.c (finish_lookup): Skip subkeys if option is set.
--

This option can be used to avoid the use of Kyber encryption subkeys
if this does not make sense (i.e. protection of local files).
---
 g10/options.h | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'g10/options.h')

diff --git a/g10/options.h b/g10/options.h
index 6f5017196..89f04526f 100644
--- a/g10/options.h
+++ b/g10/options.h
@@ -308,6 +308,9 @@ struct
     unsigned int require_compliance:1;
     /* Fail encryption unless a PQC algorithm is used.  */
     unsigned int require_pqc_encryption:1;
+    /* Do not use PQC subkeys for encryption.  This is never set if
+     * require_pqc_encryption is also set.  */
+    unsigned int disable_pqc_encryption:1;
     /* Process all signatures even in batch mode.  */
     unsigned int proc_all_sigs:1;
   } flags;
-- 
cgit v1.2.3