Open Bug 1848103 Opened 2 years ago Updated 2 years ago

Support OpenPGP encryption with Post-Quantum-Cryptography using backwards-compatible v4 keys

Categories

(MailNews Core :: Security: OpenPGP, enhancement)

Product:
MailNews Core
Component:
Security: OpenPGP
Type:
enhancement

Tracking

(Not tracked)

People

(Reporter: KaiE, Unassigned)

References

(Depends on 1 open bug)

Details

(Whiteboard: project-tracker)

Work is underway to define the use post-quantum resistant cryptography with OpenPGP:
https://datatracker.ietf.org/doc/draft-wussler-openpgp-pqc/

As a first step, it may be possible to have OpenPGP keys of version 4 (as defined in RFC 4880) that contain an encryption subkey for a PQC encryption algorithm.

An OpenPGP key that contains at least two separate encryption subkeys, one for a classic algorithm (RSA or ECC), and another one for a PQC algorithm, could provide compatibility with existing OpenPGP implementations, and also allow encrypted communication with more modern implementations that support PQC.

The suggestion is to implement this first step in Thunderbird, once the standard specifications have been completed.

It would require:

  • a new version of RNP that supports these v4 encryption subkeys and related algorithms
  • a new version of Botan that supports the required base cryptography
  • RNP automatically decrypting messages that use this new encryption, when the user owns the respective secret key
  • the ability in Thunderbird to show these subkeys in the key details dialog
  • the ability in Thunderbird to select these subkeys when looking up the public encryption key for a correspondent
  • the ability in Thunderbird to generate such a key.

When generating a (v4) OpenPGP key, it may be useful to generate two encryption subkeys, both classic and PQC.

It may be useful to offer the functionality to add a new PQC subkey to an existing OpenPGP key that user already has.

We'd have to answer the question: Which encryption subkey should be included in the Autocrypt-compatible header that Thunderbird adds to outgoing messages?

A very rough estimate is that the work on this Thunderbird enhancement could begin in late 2024.

Depends on: 1848104

(In reply to Kai Engert (:KaiE:) from comment #0)

  • the ability in Thunderbird to select these subkeys when looking up the public encryption key for a correspondent

If there is a choice between an encryption subkey with a classic algorithm, vs a PQC algorithm, it may be acceptable to always prefer the PQC algorithm, based on the following assumption: Given that all currently discussed PQC algorithms are hybrid algorithms, which combine a classic algorithm with a new scheme, the combined algorithms should offer stronger protection.

You need to log in before you can comment on or make changes to this bug.