gpg: New option --disable-pqc-encryption.

* g10/options.h (flags): Add field disable_pqc_encryption. * g10/gpg.c (oDisablePQCEncryption): New. (opts): Add --option. (main): Set option. * g10/getkey.c (finish_lookup): Skip subkeys if option is set. -- This option can be used to avoid the use of Kyber encryption subkeys if this does not make sense (i.e. protection of local files).
author: Werner Koch <[email protected]> 2025-02-06 16:45:23 +0000
committer: Werner Koch <[email protected]> 2025-02-06 16:45:23 +0000
commit: 00c31f8b04a41dcf1ee8f57e1225e12c999a37a9 (patch)
tree: ea996854fe8fbcff8d805c3ff086361a3f1a06d1 /g10/getkey.c
parent: kbx: Fix for building without keyboxd. (diff)
download: gnupg-00c31f8b04a41dcf1ee8f57e1225e12c999a37a9.tar.gz
gnupg-00c31f8b04a41dcf1ee8f57e1225e12c999a37a9.zip
1 files changed, 8 insertions, 0 deletions
diff --git a/g10/getkey.c b/g10/getkey.c
index a5effb606..a841aeec8 100644
--- a/g10/getkey.c
+++ b/g10/getkey.c
@@ -3804,6 +3804,14 @@ finish_lookup (kbnode_t keyblock, unsigned int req_usage, int want_exact,
 			   req_usage, pk->pubkey_usage);
 	      continue;
 	    }
+	  if (opt.flags.disable_pqc_encryption
+              && pk->pubkey_algo == PUBKEY_ALGO_KYBER)
+	    {
+	      if (DBG_LOOKUP)
+                log_debug ("\tsubkey skipped due to option %s\n",
+                           "--disable-pqc-encryption");
+	      continue;
+	    }
 
           n_subkeys++;
 	  if (pk->flags.revoked)
author	Werner Koch <[email protected]>	2025-02-06 16:45:23 +0000
committer	Werner Koch <[email protected]>	2025-02-06 16:45:23 +0000
commit	00c31f8b04a41dcf1ee8f57e1225e12c999a37a9 (patch)
tree	ea996854fe8fbcff8d805c3ff086361a3f1a06d1 /g10/getkey.c
parent	kbx: Fix for building without keyboxd. (diff)
download	gnupg-00c31f8b04a41dcf1ee8f57e1225e12c999a37a9.tar.gz gnupg-00c31f8b04a41dcf1ee8f57e1225e12c999a37a9.zip