gpg: New option --disable-pqc-encryption.

* g10/options.h (flags): Add field disable_pqc_encryption.
* g10/gpg.c (oDisablePQCEncryption): New.
(opts): Add --option.
(main): Set option.
* g10/getkey.c (finish_lookup): Skip subkeys if option is set.
--

This option can be used to avoid the use of Kyber encryption subkeys
if this does not make sense (i.e. protection of local files).

2 files changed, 11 insertions, 0 deletions

diff --git a/doc/gpg.texi b/doc/gpg.texi
index 9a621c89b..5f93e9f8c 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -3157,6 +3157,13 @@ ML-KEM1024) algorithms and AES-256 are considered quantum-resistant;
 Kyber is always used in a composite scheme along with a classic ECC
 algorithm.
 
+@item --disable-pqc-encryption
+@opindex disable-pqc-encryption
+This option disables the use of quantum-resistant subkeys and uses a
+subkey with a non-quantum-resistant algorithm if available or throw an
+error otherwise.  The option is ignored if
+@option{--require-pqc-encryption} is active.
+
 @item --require-compliance
 @opindex require-compliance
 To check that data has been encrypted according to the rules of the
diff --git a/doc/keyformat.txt b/doc/keyformat.txt
index dadfed4eb..912e65dd9 100644
--- a/doc/keyformat.txt
+++ b/doc/keyformat.txt
@@ -89,6 +89,10 @@ The UTC time the key was created in ISO compressed format
 (yyyymmddThhmmss).  This information can be used to re-create an
 OpenPGP key.
 
+*** Link
+For a composite key this item gives the keygrip of the other key part.
+In particular Kyber keys may use this to link to the ECC part and vice versa.
+
 *** Label
 This is a short human readable description for the key which can be
 used by the software to describe the key in a user interface.  For