gpg: New option --disable-pqc-encryption.

* g10/options.h (flags): Add field disable_pqc_encryption.
* g10/gpg.c (oDisablePQCEncryption): New.
(opts): Add --option.
(main): Set option.
* g10/getkey.c (finish_lookup): Skip subkeys if option is set.
--

This option can be used to avoid the use of Kyber encryption subkeys
if this does not make sense (i.e. protection of local files).

5 files changed, 29 insertions, 0 deletions

diff --git a/doc/gpg.texi b/doc/gpg.texi
index 9a621c89b..5f93e9f8c 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -3157,6 +3157,13 @@ ML-KEM1024) algorithms and AES-256 are considered quantum-resistant;
 Kyber is always used in a composite scheme along with a classic ECC
 algorithm.
 
+@item --disable-pqc-encryption
+@opindex disable-pqc-encryption
+This option disables the use of quantum-resistant subkeys and uses a
+subkey with a non-quantum-resistant algorithm if available or throw an
+error otherwise.  The option is ignored if
+@option{--require-pqc-encryption} is active.
+
 @item --require-compliance
 @opindex require-compliance
 To check that data has been encrypted according to the rules of the
diff --git a/doc/keyformat.txt b/doc/keyformat.txt
index dadfed4eb..912e65dd9 100644
--- a/doc/keyformat.txt
+++ b/doc/keyformat.txt
@@ -89,6 +89,10 @@ The UTC time the key was created in ISO compressed format
 (yyyymmddThhmmss).  This information can be used to re-create an
 OpenPGP key.
 
+*** Link
+For a composite key this item gives the keygrip of the other key part.
+In particular Kyber keys may use this to link to the ECC part and vice versa.
+
 *** Label
 This is a short human readable description for the key which can be
 used by the software to describe the key in a user interface.  For
diff --git a/g10/getkey.c b/g10/getkey.c
index a5effb606..a841aeec8 100644
--- a/g10/getkey.c
+++ b/g10/getkey.c
@@ -3804,6 +3804,14 @@ finish_lookup (kbnode_t keyblock, unsigned int req_usage, int want_exact,
 			   req_usage, pk->pubkey_usage);
 	      continue;
 	    }
+	  if (opt.flags.disable_pqc_encryption
+              && pk->pubkey_algo == PUBKEY_ALGO_KYBER)
+	    {
+	      if (DBG_LOOKUP)
+                log_debug ("\tsubkey skipped due to option %s\n",
+                           "--disable-pqc-encryption");
+	      continue;
+	    }
 
           n_subkeys++;
 	  if (pk->flags.revoked)
diff --git a/g10/gpg.c b/g10/gpg.c
index 994b83b94..db898c41d 100644
--- a/g10/gpg.c
+++ b/g10/gpg.c
@@ -461,6 +461,7 @@ enum cmd_and_opt_values
     oAssertPubkeyAlgo,
     oKbxBufferSize,
     oRequirePQCEncryption,
+    oDisablePQCEncryption,
     oProcAllSigs,
 
     oNoop
@@ -907,6 +908,7 @@ static gpgrt_opt_t opts[] = {
   ARGPARSE_s_s (oDigestAlgo, "digest-algo", "@"),
   ARGPARSE_s_s (oCertDigestAlgo, "cert-digest-algo", "@"),
   ARGPARSE_s_n (oRequirePQCEncryption, "require-pqc-encryption", "@"),
+  ARGPARSE_s_n (oDisablePQCEncryption, "disable-pqc-encryption", "@"),
 
   ARGPARSE_header (NULL, N_("Options for unattended use")),
 
@@ -3095,6 +3097,11 @@ main (int argc, char **argv)
 	  case oMinRSALength: opt.min_rsa_length = pargs.r.ret_ulong; break;
           case oRequirePQCEncryption:
             opt.flags.require_pqc_encryption = 1;
+            opt.flags.disable_pqc_encryption = 0;
+            break;
+          case oDisablePQCEncryption:
+            if (!opt.flags.require_pqc_encryption)
+              opt.flags.disable_pqc_encryption = 1;
             break;
 
           case oRFC2440Text: opt.rfc2440_text=1; break;
diff --git a/g10/options.h b/g10/options.h
index 6f5017196..89f04526f 100644
--- a/g10/options.h
+++ b/g10/options.h
@@ -308,6 +308,9 @@ struct
     unsigned int require_compliance:1;
     /* Fail encryption unless a PQC algorithm is used.  */
     unsigned int require_pqc_encryption:1;
+    /* Do not use PQC subkeys for encryption.  This is never set if
+     * require_pqc_encryption is also set.  */
+    unsigned int disable_pqc_encryption:1;
     /* Process all signatures even in batch mode.  */
     unsigned int proc_all_sigs:1;
   } flags;