On Thu, Oct 16, 2025 at 12:32 AM Robert J. Hansen via Gnupg-users <[email protected]> wrote: > > > I am remotely/anonymously urging a GnuPG newbie to install gpg4win 5 > > beta[1] with post-quantum encryption; everyone should use PQC > > *yesterday*.[2] > This is an extreme position. It is also silly. No, everyone does not
I would say it is extremely well advised as soon as possible to move to hybrid the PQC algorithms. For protection against "save now decrypt later" attacks. We need a feature where we can keep using PGP smartcards which currently only support RSA and EC on the hardware for protection of at least the traditional key portion. The demise of pre-quantum crypto is likely within our lifetimes, and there is much sensitive info we may have encrypted which is permanently sensitive. The email we send today containing a SSN, etc, may be captured and decrypted by an adversary 20 years from now, for example. So it's not that extreme position to say move to PQC algorithms as soon as possible. It is not a good idea if it weakens your defense against current security issues. In this case we're stuck encrypting the data with a 3-layer sandwitch Encrypt Input.txt first using a traditional RSA/EC algorithm with PGP smart card output temp1.asc Encrypt temp1.asc using a PQC algorithm (No hardware-based key protection supported yet) write output to temp2.asc Encrypt temp2.asc using a traditional RSA/EC algorithm crypto performed by PGP card write output to final.asc Securely delete input.txt, temp1.asc and temp2.asc Email temp2.asc - PQC Hybrid layer prevents access to the temp1.asc in case the final output's key is compromised. Now what would be useful is a GPG/PGP feature to automatically support this triple-encryption with arbitrary private key source and algorithm chaining. > need to switch immediately to PQC. If you want to play around with it, > feel free: if you have really unusual requirements necessitating Kyber, -- -JA _______________________________________________ Gnupg-users mailing list [email protected] https://lists.gnupg.org/mailman/listinfo/gnupg-users
