diff options
| author | Werner Koch <[email protected]> | 2025-11-14 14:52:37 +0000 |
|---|---|---|
| committer | Werner Koch <[email protected]> | 2025-11-14 15:03:06 +0000 |
| commit | aea62817f30030da19fd0aee3a9f65b5c8347b64 (patch) | |
| tree | a633dc74a7913c68d5a1c7e1683a0a1aa69f6849 | |
| parent | build: Silence automake about escaping #. (diff) | |
| download | gnupg-aea62817f30030da19fd0aee3a9f65b5c8347b64.tar.gz gnupg-aea62817f30030da19fd0aee3a9f65b5c8347b64.zip | |
agent: Support protection for Kyber keys.
* agent/protect.c (protect_info): Support the Kyber variants.
--
We used to store the Kyber parts of a dual key unprotected because the
ECC should be enough to protect against a local attackers. But for
policy reasons we of course also need to protect the Kyber secret key
stored on on-disk.
GnuPG-bug-id: 6638
| -rw-r--r-- | agent/protect.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/agent/protect.c b/agent/protect.c index 6c9bbaebc..a4e7d6226 100644 --- a/agent/protect.c +++ b/agent/protect.c @@ -65,6 +65,10 @@ static const struct { { "ecdsa","pabgnqd", 6, 6, 1 }, { "ecdh", "pabgnqd", 6, 6, 1 }, { "ecc", "pabgnqd", 6, 6, 1 }, + { "ecc", "pabgnqd", 6, 6, 1 }, + { "kyber512", "ps", 1, 1 }, + { "kyber768", "ps", 1, 1 }, + { "kyber1024", "ps", 1, 1 }, { NULL } }; |