Diffusion GnuPG 72e3fddbfe7b

gpg: Force the use of AES-256 in some cases
72e3fddbfe7b
Actions

Tags

None

Subscribers

None

Description

gpg: Force the use of AES-256 in some cases

* g10/encrypt.c (create_dek_with_warnings): Forcefully use AES-256 if
PQC encryption was required or if all recipient keys are Kyber keys.

If --require-pqc-encryption was set, then it should be safe to always
force AES-256, without even checking if we are encrypting to Kyber keys
(if some recipients do not have Kyber keys, --require-pqc-encryption
will fail elsewhere).

Otherwise, we force AES-256 if we encrypt *only* to Kyber keys -- unless
the user explicitly requested another algo, in which case we assume they
know what they are doing.

Man page entry extended

GnuPG-bug-id: T7472
Signed-off-by: Werner Koch <wk@gnupg.org>

Details

Provenance

Damien Goutte-Gattat via Gnupg-devel <gnupg-devel@gnupg.org>	Authored on Fri, Jan 3, 9:59 PM
• werner	Committed on Mon, Jan 6, 6:17 PM

Parents

rG80828512b6ec: gpg: Allow smaller session keys with Kyber

Branches

Unknown

Tags

Unknown

Tasks

T7472: Cannot decrypt a message encrypted to a Kyber subkey with AES128

Event Timeline

• werner committed rG72e3fddbfe7b: gpg: Force the use of AES-256 in some cases (authored by Damien Goutte-Gattat via Gnupg-devel <gnupg-devel@gnupg.org>).Mon, Jan 6, 6:17 PM

• werner added a task: T7472: Cannot decrypt a message encrypted to a Kyber subkey with AES128.Mon, Jan 6, 6:30 PM

Changes (2)

Path

Size

doc/

g10/

rG72e3fddbfe7b

doc/gpg.texi

Loading...

g10/encrypt.c

Loading...