Post-Quantum Cryptography in OpenPGP
songdongsheng committed Jul 13, 2024
1 parent 3c4bf70 commit 71c459b
Showing 2 changed files with 217 additions and 5 deletions.
Expand Up @@ -51,15 +51,13 @@ Amazon Linux 2023 | 2023-03 | 2.34 | 11.4 | 6.
CBL-Mariner 2.0 | 2022-05 | 2.35 | 11.2 | 5.15
Ubuntu 22.04 | 2022-04 | 2.35 | 12.1 | 5.15
Debian 12 | 2023-06 | [2.36](https://tracker.debian.org/pkg/glibc) | [12.2](https://packages.debian.org/bookworm/libgcc-s1) | [6.1](https://tracker.debian.org/pkg/linux)
Fedora 37 | 2022-11 | 2.36 | 12.3 | 6.5
Fedora 38 | 2023-04 | 2.37 | 13.2 | 6.8
Fedora 39 | 2023-11 | 2.38 | 13.2 | 6.8
openEuler 24.04 | 2024-06 | 2.38 | 12.3 | 6.6
SLE 15 SP6 | 2024-06 | 2.38 | 13.3 | 6.4
**Ubuntu 24.04** | 2024-04 | **2.39** | 14.0 | 6.8
Fedora 40 | 2024-04 | 2.39 | 14.0 | 6.8
Fedora 40 | 2024-04 | 2.39 | 14.1 | 6.9
Debian 13 | ***2025-06*** | [2.41 ?](https://tracker.debian.org/pkg/glibc) | [15.2 ?](https://packages.debian.org/trixie/libgcc-s1) | [6.12 ?](https://tracker.debian.org/pkg/linux)
[SUSE Adaptable Linux Platform (ALP)](https://download.opensuse.org/repositories/SUSE:/ALP/) | ***2025-??*** | 2.39 ? | 14.0 ? | 6.8 ?
[**openSUSE Tumbleweed**](https://download.opensuse.org/tumbleweed/repo/oss/x86_64/) | ***Rolling*** | 2.39 ? | 14.0 ? | 6.8 ?
[**openSUSE Tumbleweed**](https://download.opensuse.org/tumbleweed/repo/oss/x86_64/) | ***Rolling*** | 2.39 ? | 14.1 ? | 6.9 ?
Alpine 3.18 | [2023-05](https://alpinelinux.org/releases/) | musl [1.2.4](https://gitlab.alpinelinux.org/alpine/aports/-/blob/3.18-stable/main/musl/APKBUILD) | [libgcc 12.2](https://gitlab.alpinelinux.org/alpine/aports/-/blob/3.18-stable/main/gcc/APKBUILD) | [6.1](https://gitlab.alpinelinux.org/alpine/aports/-/blob/3.18-stable/main/linux-lts/APKBUILD)
Alpine 3.19 | [2023-12](https://alpinelinux.org/releases/) | musl [1.2.4](https://gitlab.alpinelinux.org/alpine/aports/-/blob/3.19-stable/main/musl/APKBUILD) | [libgcc 13.2](https://gitlab.alpinelinux.org/alpine/aports/-/blob/3.19-stable/main/gcc/APKBUILD) | [6.6](https://gitlab.alpinelinux.org/alpine/aports/-/blob/3.19-stable/main/linux-lts/APKBUILD)
Alpine 3.20 | [2024-05](https://alpinelinux.org/releases/) | musl [1.2.5](https://gitlab.alpinelinux.org/alpine/aports/-/blob/3.20-stable/main/musl/APKBUILD) | [libgcc 13.2](https://gitlab.alpinelinux.org/alpine/aports/-/blob/3.20-stable/main/gcc/APKBUILD) | [6.6](https://gitlab.alpinelinux.org/alpine/aports/-/blob/3.20-stable/main/linux-lts/APKBUILD)
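Review bot: the openSUSE Tumbleweed row is bumped from `14.0 ?` / `6.8 ?` to `14.1 ?` / `6.9 ?` in the same change that updates Fedora 40, but the `?` markers stay and no source link is added, so the row still reads as a guess; the neighbouring Debian and Alpine rows link the package tracker or APKBUILD that backs each number, and the Tumbleweed row (which already links the repo directory) could cite the gcc and kernel package versions in that repo the same way so the `?` can be dropped. Since Tumbleweed is rolling, a "checked on" date next to the numbers would also make the row verifiable later.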
@@ -0,0 +1,214 @@
---
title: 'Post-Quantum Cryptography in OpenPGP'
excerpt: 'Post-Quantum Cryptography in OpenPGP'
date: 2024-07-13 14:53:36
tags:
- Linux
- Windows
- Security
categories: [Utility, Security]
---

# Post-Quantum Cryptography in OpenPGP

The newly released GnuPG 2.5.0 begins to experimentally support the post-quantum public key algorithm extension of the OpenPGP protocol. The post-quantum public key algorithm extension of the OpenPGP protocol provides the basis for long-term secure OpenPGP signatures and ciphertexts. It defines composite public key encryption based on `ML-KEM` and composite public key signatures based on `ML-DSA` (both of which are used in conjunction with elliptic curve cryptography), as well as `SLH-DSA` as an independent public key signature scheme. GnuPG currently only supports composite public key encryption based on `ML-KEM`, and support for digital signatures is under development.

GnuPG 2.5.0 supports PGC encryption algorithms `ky768_cv25519` and `ky1024_cv448` based on `X25519` and `X448`, and PQC encryption algorithms `ky768_bp256`, `ky1024_bp384` and `ky1024_bp512` based on `brainpoolP256r1`, `brainpoolP384r1` and `brainpoolP512r1`. Since `Brainpool` is not efficient, widely used, and has no security advantages, this article only tests PGC encryption algorithms `ky768_cv25519` and `ky1024_cv448` based on `X25519` and `X448`.

新发布的 GnuPG 2.5.0 开始试验性地支持 OpenPGP 协议的后量子公钥算法扩展。OpenPGP 协议的后量子公钥算法扩展为长期安全的 OpenPGP 签名和密文提供了基础。它定义了基于 `ML-KEM` 的复合公钥加密和基于 `ML-DSA` 的复合公钥签名(二者均与椭圆曲线密码术配合使用),以及将 `SLH-DSA` 定义为独立的公钥签名方案。GnuPG 目前仅支持基于 `ML-KEM` 的复合公钥加密,对数字签名的支持正在开发中。

GnuPG 2.5.0 支持基于 `X25519``X448` 的 PGC 加密算法 `ky768_cv25519``ky1024_cv448`,以及基于 `brainpoolP256r1``brainpoolP384r1``brainpoolP512r1` 的 PQC 加密算法 `ky768_bp256``ky1024_bp384``ky1024_bp512`。由于 `Brainpool` 效率不高、应用不广泛、没有安全优势,因此本文仅测试基于 `X25519``X448` 的 PGC 加密算法 `ky768_cv25519``ky1024_cv448`

## What You Need

- GnuPG 2.5.0 of later

## ML-KEM-768 + X25519

### Generate Key

```bash
gpg --quick-gen-key --batch --passphrase='' "X25519 User <[email protected]>" Ed25519 cert 1y

gpg --quick-add-key --batch --passphrase='' --pinentry-mode loopback DDE2BD47E5196CED794FDF17D9FFA236037FC097 ed25519 sign,auth 1y
gpg --quick-add-key --batch --passphrase='' --pinentry-mode loopback DDE2BD47E5196CED794FDF17D9FFA236037FC097 cv25519 encrypt 1y

# ML-KEM-768 + X25519
gpg --quick-add-key --batch --passphrase='' --pinentry-mode loopback DDE2BD47E5196CED794FDF17D9FFA236037FC097 ky768_cv25519 encrypt 1y
```

### List Key

```bash
$ gpg -K DDE2BD47E5196CED794FDF17D9FFA236037FC097
sec ed25519/D9FFA236037FC097 2024-07-13 [C] [expires: 2024-07-13]
Key fingerprint = DDE2 BD47 E519 6CED 794F DF17 D9FF A236 037F C097
uid [ultimate] X25519 User <[email protected]>
ssb ed25519/A2E4D93F5E67CDE2 2024-07-13 [SA] [expires: 2024-07-13]
Key fingerprint = 7660 3CDA E782 AEE7 C42A EF74 A2E4 D93F 5E67 CDE2
ssb cv25519/1D07C17D30191210 2024-07-13 [E] [expires: 2024-07-13]
Key fingerprint = F3AE 317F F319 12E7 E84B 9AC9 1D07 C17D 3019 1210
ssb ky768_cv25519/5C8EC98545A74E6C 2024-07-13 [E] [expires: 2024-07-13]
Key fingerprint = 5C8EC 98545 A74E6 C442A 76F3F 553F9 D39F0 FDF9A 2B7CD 8CA05
```

### Specify PGC key for encryption

```bash
$ echo "Hello, PGC!" > secret.txt
$ gpg --encrypt --yes -r 5C8EC98545A74E6C! secret.txt
$ gpg --decrypt --passphrase='' --pinentry-mode loopback secret.txt.gpg
gpg: encrypted with ky768_cv25519 key, ID 5C8EC98545A74E6C, created 2024-07-13
"X25519 User <[email protected]>"
Hello, PGC!
$ stat --printf="%s\t%n\n" secret.txt*
12 secret.txt
1274 secret.txt.gpg
```

### Specify X25519 key for encryption

```bash
$ echo "Hello, PGC!" > secret.txt
$ gpg --encrypt --yes -r 1D07C17D30191210! secret.txt
$ gpg --decrypt --passphrase='' --pinentry-mode loopback secret.txt.gpg
gpg: encrypted with cv25519 key, ID 1D07C17D30191210, created 2024-07-13
"X25519 User <[email protected]>"
Hello, PGC!
$ stat --printf="%s\t%n\n" secret.txt*
12 secret.txt
189 secret.txt.gpg
```

### Automatically select encryption key

```bash
$ echo "Hello, PGC!" > secret.txt
$ gpg --encrypt --yes -r D9FFA236037FC097 secret.txt
$ gpg --decrypt --passphrase='' --pinentry-mode loopback secret.txt.gpg
gpg: encrypted with ky768_cv25519 key, ID 5C8EC98545A74E6C, created 2024-07-13
"X25519 User <[email protected]>"
Hello, PGC!
$ stat --printf="%s\t%n\n" secret.txt*
12 secret.txt
1274 secret.txt.gpg
```

### Delete Key

```bash
gpg --delete-key --batch --yes DDE2BD47E5196CED794FDF17D9FFA236037FC097
```

## ML-KEM-1024 + X448

### Generate Key

```bash
gpg --quick-gen-key --batch --passphrase='' "X448 User <[email protected]>" Ed448 cert 1y

gpg --quick-add-key --batch --passphrase='' --pinentry-mode loopback 194E2C38F0C4354C4172DC586E3455C57BA2F61AB06EFC243A5D386ED86242B7 ed448 sign,auth 1y
gpg --quick-add-key --batch --passphrase='' --pinentry-mode loopback 194E2C38F0C4354C4172DC586E3455C57BA2F61AB06EFC243A5D386ED86242B7 cv448 encrypt 1y

# ML-KEM-1024 + X448
gpg --quick-add-key --batch --passphrase='' --pinentry-mode loopback 194E2C38F0C4354C4172DC586E3455C57BA2F61AB06EFC243A5D386ED86242B7 ky1024_cv448 encrypt 1y
```

### List Key

```bash
$ gpg -K 194E2C38F0C4354C4172DC586E3455C57BA2F61AB06EFC243A5D386ED86242B7
sec ed448/194E2C38F0C4354C 2024-07-13 [C] [expires: 2024-07-13]
Key fingerprint = 194E2 C38F0 C4354 C4172 DC586 E3455 C57BA 2F61A B06EF C243A
uid [ultimate] X448 User <[email protected]>
ssb ed448/96EA0B90619ACFCD 2024-07-13 [SA] [expires: 2024-07-13]
Key fingerprint = 96EA0 B9061 9ACFC D5709 BC773 F6300 D1B38 457BC 19792 C4763
ssb cv448/36FC63E177ECC404 2024-07-13 [E] [expires: 2024-07-13]
Key fingerprint = 36FC6 3E177 ECC40 4030B C0004 D91F7 4E1F7 E5590 CEC6A A096F
ssb ky1024_cv448/373E994D9B9AC9AE 2024-07-13 [E] [expires: 2024-07-13]
Key fingerprint = 373E9 94D9B 9AC9A EC476 3FA66 89794 AA808 894BE 4FDF4 020EE
```

### Specify PGC key for encryption

```bash
$ echo "Hello, PGC!" > secret.txt
$ gpg --encrypt --yes -r 373E994D9B9AC9AE! secret.txt
$ gpg --decrypt --passphrase='' --pinentry-mode loopback secret.txt.gpg
gpg: encrypted with ky1024_cv448 key, ID 373E994D9B9AC9AE, created 2024-07-13
"X448 User <[email protected]>"
Hello, PGC!
$ stat --printf="%s\t%n\n" secret.txt*
12 secret.txt
1778 secret.txt.gpg
```

### Specify X448 key for encryption

```bash
$ echo "Hello, PGC!" > secret.txt
$ gpg --encrypt --yes -r 36FC63E177ECC404! secret.txt
$ gpg --decrypt --passphrase='' --pinentry-mode loopback secret.txt.gpg
gpg: encrypted with cv448 key, ID 36FC63E177ECC404, created 2024-07-13
"X448 User <[email protected]>"
Hello, PGC!
$ stat --printf="%s\t%n\n" secret.txt*
12 secret.txt
212 secret.txt.gpg
```

### Automatically select encryption key

```bash
$ echo "Hello, PGC!" > secret.txt
$ gpg --encrypt --yes -r 194E2C38F0C4354C secret.txt
$ gpg --decrypt --passphrase='' --pinentry-mode loopback secret.txt.gpg
gpg: encrypted with ky1024_cv448 key, ID 373E994D9B9AC9AE, created 2024-07-13
"X448 User <[email protected]>"
Hello, PGC!
$ stat --printf="%s\t%n\n" secret.txt*
12 secret.txt
1778 secret.txt.gpg
```

### Delete Key

```bash
gpg --delete-key --batch --yes 194E2C38F0C4354C4172DC586E3455C57BA2F61AB06EFC243A5D386ED86242B7
```

## ML-DSA-65 + Ed25519

```bash
# Not working yet
gpg --quick-add-key --batch --passphrase='' --pinentry-mode loopback DDE2BD47E5196CED794FDF17D9FFA236037FC097 dil3_ed25519 sign 1y
```

## ML-DSA-87 + Ed448

```bash
# Not working yet
gpg --quick-add-key --batch --passphrase='' --pinentry-mode loopback 194E2C38F0C4354C4172DC586E3455C57BA2F61AB06EFC243A5D386ED86242B7 dil5_ed448 sign 1y
```

## Wrapping Up

OpenPGP currently does not fully support the PGC algorithm. It only supports encryption algorithms and lacks digital signature algorithms. It only supports generating PGC keys in the `quick-gen-key` and `quick-add-key` interfaces, but does not support generating PGC keys in the interactive interface.

OpenPGP 目前对 PGC 算法的支持并不完整,仅支持加密算法,缺少数字签名算法;仅支持在 `quick-gen-key``quick-add-key` 接口中生成 PGC 密钥,不支持在交互界面中生成 PGC 密钥。

Considering that the PGC algorithm is in the draft stage, the implementation status of OpenPGP's PGC is quite exciting.

考虑到 PGC 算法处于草案阶段,OpenPGP 当前的 PGC 实现状况相当令人兴奋。

## Reference

- https://github.com/gpg/gnupg/blob/master/tests/openpgp/samplekeys/README
- https://github.com/gpg/gnupg/blob/master/common/openpgpdefs.h
- https://www.ietf.org/archive/id/draft-wussler-openpgp-pqc-04.html
- https://csrc.nist.gov/pubs/fips/203/ipd
- https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.203.ipd.pdf
- https://github.com/nccgroup/fips203
- https://dev.gnupg.org/T6815
- https://dev.gnupg.org/T7189
- https://lists.gnupg.org/pipermail/gnupg-announce/2024q3/000484.html
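Review bot: "GnuPG 2.5.0 of later" under "What You Need" should read "or later", and the post switches between "PGC" and "PQC" for the same thing (the "GnuPG 2.5.0 supports PGC encryption algorithms ... and PQC encryption algorithms ..." sentence uses both in one breath, as do the "Specify PGC key for encryption" headings and the "Wrapping Up" paragraphs); the referenced draft-wussler-openpgp-pqc-04 uses "PQC", so the whole post should settle on that spelling. The `gpg -K` listings also show `[expires: 2024-07-13]`, the same day the keys were created, although every key was added with a `1y` lifetime, so the pasted output is worth re-checking before publishing. Finally, the ciphertext sizes captured with `stat` (1274 vs 189 bytes for ML-KEM-768+X25519 vs X25519, 1778 vs 212 bytes for ML-KEM-1024+X448 vs X448) are the most useful measurement in the post and deserve a sentence in "Wrapping Up" pointing out the overhead of the composite KEM.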
