The https://freepg.org/ project maintains patches against #GnuPG with the goal of closer adherence to the IETF #OpenPGP spec.

hko@floss.social

The https://freepg.org/ project maintains patches against #GnuPG with the goal of closer adherence to the IETF #OpenPGP spec.

One currently open question is if/how draft-ietf-openpgp-pqc support could be realistically added to #FreePG

I've started https://codeberg.org/freepg/freepg-draft-ietf-openpgp-pqc first of all as a notes-to-self repo for a (presumably very slow and long-term) side quest to explore this problem.

Specifically, the goal would be adding support for v4 ML-KEM-768+X25519 subkeys.

Post-Quantum Cryptography in OpenPGP

This document defines a post-quantum public key algorithm extension for the OpenPGP protocol, extending RFC9580. Given the generally assumed threat of a cryptographically relevant quantum computer, this extension provides a basis for long-term secure OpenPGP signatures and ciphertexts. Specifically, it defines composite public key encryption based on ML-KEM (formerly CRYSTALS-Kyber), composite public key signatures based on ML-DSA (formerly CRYSTALS-Dilithium), both in combination with elliptic curve cryptography, and SLH-DSA (formerly SPHINCS+) as a standalone public key signature scheme.

(www.ietf.org)