T7014: agent: Enhancement of PKDECRYPT for KEM interface introduced use of KEM API (of libgcrypt) to gpg-agent.
It is good (for industrial certification(s) and auditors) to use KEM API in gpg frontend.
Description
Revisions and Commits
rG GnuPG

| Commit | Summary |
|---|---|
| rG5e623b71d5ce | common:kem: Factor out a function to retrieve ECC parameters. |
| rG49a9171f63ac | gpg: Do not show the secp256k1 curve in --full-gen-key. |
| rG681d75404300 | gpg,agent: Clean up around using ECC KEM. |
| rG07e8ca2a9b54 | gpg: Use ECC KEM interface for decryption. |
| rG04782e7fd629 | agent: Add support for TPM2 for ECC KEM. |
| rGb956f47e2ab0 | agent: Finish ECC KEM, adding support for NIST curves. |
| rG57a3d2392539 | agent: Support ECC KEM by PKDECRYPT --kem. |
| rGeb9c39ac5bb5 | agent: Refactor ECC KEM decap operation. |
| rGd1c3bfda2a8c | gpg: Use the KEM API for ECC encryption. |
| rG40cfa71281db | common: Add KEM constants for NIST curves. |

| Status | Assigned | Task |
|---|---|---|
| Testing | gniibe | T7649 gnupg: Use KEM interface for encryption/decryption |
| Resolved | werner | T7014 agent: Enhancement of PKDECRYPT for KEM interface |
| Open | gniibe | T7097 Support a key on smartcard for PQC |
| Resolved | gniibe | T5964 gnupg should use the KDFs implemented in libgcrypt |
| Resolved | gniibe | T7698 Add support of secp256k1 for KEM API |
| Testing | gniibe | T7709 Decryption with ECC smartcard keys broken |

Event Timeline
Comment Actions
Clean up finished by rG681d75404300: gpg,agent: Clean up around using ECC KEM.
Tested by make check and decrypting tests/openpgp/samplemsgs/pqc-sample-*.enc.asc.
Comment Actions
Another possible change will be use of KEM interface for gpgsm.
Not high priority, but for long term code maintenance.
Comment Actions
secp256k1 failure:
https://lists.gnupg.org/pipermail/gnupg-users/2025-June/067731.html
It should be supported as well.
Comment Actions
secp256k1 is an --expert option and not supported by other *PGP
implementations. We should actually hide this thing even more and not
even display it with --expert. Thus do not expect an immediate 2.5.9
release to fix this issue.