gpg: New option --disable-pqc-encryption.

* g10/options.h (flags): Add field disable_pqc_encryption. * g10/gpg.c (oDisablePQCEncryption): New. (opts): Add --option. (main): Set option. * g10/getkey.c (finish_lookup): Skip subkeys if option is set. -- This option can be used to avoid the use of Kyber encryption subkeys if this does not make sense (i.e. protection of local files).
author: Werner Koch <[email protected]> 2025-02-06 16:45:23 +0000
committer: Werner Koch <[email protected]> 2025-02-06 16:45:23 +0000
commit: 00c31f8b04a41dcf1ee8f57e1225e12c999a37a9 (patch)
tree: ea996854fe8fbcff8d805c3ff086361a3f1a06d1 /doc/gpg.texi
parent: kbx: Fix for building without keyboxd. (diff)
download: gnupg-00c31f8b04a41dcf1ee8f57e1225e12c999a37a9.tar.gz
gnupg-00c31f8b04a41dcf1ee8f57e1225e12c999a37a9.zip
1 files changed, 7 insertions, 0 deletions
diff --git a/doc/gpg.texi b/doc/gpg.texi
index 9a621c89b..5f93e9f8c 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -3157,6 +3157,13 @@ ML-KEM1024) algorithms and AES-256 are considered quantum-resistant;
 Kyber is always used in a composite scheme along with a classic ECC
 algorithm.
 
+@item --disable-pqc-encryption
+@opindex disable-pqc-encryption
+This option disables the use of quantum-resistant subkeys and uses a
+subkey with a non-quantum-resistant algorithm if available or throw an
+error otherwise.  The option is ignored if
+@option{--require-pqc-encryption} is active.
+
 @item --require-compliance
 @opindex require-compliance
 To check that data has been encrypted according to the rules of the
author	Werner Koch <[email protected]>	2025-02-06 16:45:23 +0000
committer	Werner Koch <[email protected]>	2025-02-06 16:45:23 +0000
commit	00c31f8b04a41dcf1ee8f57e1225e12c999a37a9 (patch)
tree	ea996854fe8fbcff8d805c3ff086361a3f1a06d1 /doc/gpg.texi
parent	kbx: Fix for building without keyboxd. (diff)
download	gnupg-00c31f8b04a41dcf1ee8f57e1225e12c999a37a9.tar.gz gnupg-00c31f8b04a41dcf1ee8f57e1225e12c999a37a9.zip