diff options
| author | Damien Goutte-Gattat via Gnupg-devel <[email protected]> | 2025-01-03 20:59:58 +0000 |
|---|---|---|
| committer | Werner Koch <[email protected]> | 2025-01-06 17:17:07 +0000 |
| commit | 72e3fddbfe7b9f8e691076dbeea5588b9f20cc2f (patch) | |
| tree | 7708fcdfda3abc023c8dd9fbadadb4534a7987f8 /dirmngr/misc.c | |
| parent | gpg: Allow smaller session keys with Kyber (diff) | |
| download | gnupg-72e3fddbfe7b9f8e691076dbeea5588b9f20cc2f.tar.gz gnupg-72e3fddbfe7b9f8e691076dbeea5588b9f20cc2f.zip | |
gpg: Force the use of AES-256 in some cases
* g10/encrypt.c (create_dek_with_warnings): Forcefully use AES-256 if
PQC encryption was required or if all recipient keys are Kyber keys.
--
If --require-pqc-encryption was set, then it should be safe to always
force AES-256, without even checking if we are encrypting to Kyber keys
(if some recipients do not have Kyber keys, --require-pqc-encryption
will fail elsewhere).
Otherwise, we force AES-256 if we encrypt *only* to Kyber keys -- unless
the user explicitly requested another algo, in which case we assume they
know what they are doing.
GnuPG-bug-id: 7472
Signed-off-by: Damien Goutte-Gattat <[email protected]>
Man page entry extended
Signed-off-by: Werner Koch <[email protected]>
Diffstat (limited to 'dirmngr/misc.c')
0 files changed, 0 insertions, 0 deletions