Page MenuHome GnuPG
Create Task
Maniphest T7649

gnupg: Use KEM interface for encryption/decryption
Testing, HighPublic
Actions

Description

T7014: agent: Enhancement of PKDECRYPT for KEM interface introduced use of KEM API (of libgcrypt) to gpg-agent.
It is good (for industrial certification(s) and auditors) to use KEM API in gpg frontend.

Revisions and Commits

rG GnuPG
rG681d75404300 gpg,agent: Clean up around using ECC KEM.
rG07e8ca2a9b54 gpg: Use ECC KEM interface for decryption.
rG04782e7fd629 agent: Add support for TPM2 for ECC KEM.
rGb956f47e2ab0 agent: Finish ECC KEM, adding support for NIST curves.
rG57a3d2392539 agent: Support ECC KEM by PKDECRYPT --kem.
rGeb9c39ac5bb5 agent: Refactor ECC KEM decap operation.
rGd1c3bfda2a8c gpg: Use the KEM API for ECC encryption.
rG40cfa71281db common: Add KEM constants for NIST curves.

Related Objects
Search...

Event Timeline

gniibe claimed this task.May 13 2025, 2:01 AM
gniibe triaged this task as High priority.
gniibe created this task.
gniibe added a comment.May 13 2025, 2:18 AM

NIST has an initial public draft for KEM: https://csrc.nist.gov/pubs/sp/800/227/ipd

werner added a project: gnupg26.May 13 2025, 3:24 PM
gniibe added a commit: rG40cfa71281db: common: Add KEM constants for NIST curves..May 16 2025, 7:08 AM
gniibe renamed this task from gnupg: Use KEM interface for decryption to gnupg: Use KEM interface for encryption/decryption.May 19 2025, 2:35 AM
gniibe added a commit: rGd1c3bfda2a8c: gpg: Use the KEM API for ECC encryption..May 19 2025, 8:01 AM
gniibe added a commit: rGeb9c39ac5bb5: agent: Refactor ECC KEM decap operation..May 20 2025, 9:33 AM
gniibe added a commit: rG57a3d2392539: agent: Support ECC KEM by PKDECRYPT --kem..May 21 2025, 7:58 AM
gniibe added a commit: rGb956f47e2ab0: agent: Finish ECC KEM, adding support for NIST curves..May 22 2025, 7:46 AM
gniibe added a commit: rG04782e7fd629: agent: Add support for TPM2 for ECC KEM..
gniibe added a commit: rG07e8ca2a9b54: gpg: Use ECC KEM interface for decryption..
gniibe changed the task status from Open to Testing.May 22 2025, 8:05 AM

Pushed all changes needed. Actually, agent side too.
Clean up will be done.

werner added a subscriber: werner.May 22 2025, 10:35 AM

FYI: I'd like to get a new release out after these changes.

gniibe added a commit: rG681d75404300: gpg,agent: Clean up around using ECC KEM..May 23 2025, 10:21 AM
gniibe added a comment.May 23 2025, 10:27 AM

Clean up finished by rG681d75404300: gpg,agent: Clean up around using ECC KEM.
Tested by make check and decrypting tests/openpgp/samplemsgs/pqc-sample-*.enc.asc.

collinfunk added a subscriber: collinfunk.Sat, May 24, 9:13 PM

@werner I think these changes caused an ASAN failure that I reported in T7664. I think it would be good to get that sorted before a release.

gniibe mentioned this in T5964: gnupg should use the KDFs implemented in libgcrypt.Mon, May 26, 6:32 AM
gniibe added a subtask: T7014: agent: Enhancement of PKDECRYPT for KEM interface.
gniibe added a subtask: T5964: gnupg should use the KDFs implemented in libgcrypt.Mon, May 26, 6:34 AM
gniibe added a comment.Tue, May 27, 3:38 AM

Another possible change will be use of KEM interface for gpgsm.
Not high priority, but for long term code maintenance.

werner mentioned this in T7671: Release GnuPG 2.5.7.Mon, Jun 2, 5:57 PM
gniibe closed subtask T5964: gnupg should use the KDFs implemented in libgcrypt as Resolved.Tue, Jun 17, 2:38 AM
werner closed subtask T7014: agent: Enhancement of PKDECRYPT for KEM interface as Resolved.Wed, Jun 18, 9:29 AM