gpg4win expired code signing cert; please renew.
Jay Acuna
mysidia at gmail.com
Sat Oct 18 02:03:45 CEST 2025
On Thu, Oct 16, 2025 at 1:35 PM <have at anonymous.sex> wrote:
> And why bother? Real Cryptographers™ have already done the hard work
> for securely hybridizing the needed algorithms, and developers such as
The "why bother" is because it is the best option available, for now.
The PKCS11 devices you are able to find at the store for purchase from
a trustworthy vendor don't support the PQC algorithms.
Hardware development is slow, and much of your hardware will only support RSA
and EC keys for a very long time. Good luck getting PQC on a PGP card.
Even support for RSA keys longer than 2048 bits is difficult to find.
Software on your computer can support the PQC algorithms as soon as
they come out, but software cannot provide appropriate key protection
against the adversaries who gain logical or physical control over your computer.
These tools, such as malware that would steal your keys, are real and
tangible, and a huge threat, but quantum computing is in the future.
They are, as far as you know, very different unrelated types of actors.
The concern from quantum computers is your adversaries will sniff
your traffic on the wire and save it in their 30-year cold storage for future
perusal. They are not on your computer with malware snatching your
keys. IF they were, then the PQC algorithm offers zero additional
protection. Only a hardware-based solution has anything to offer in
this area -- hardware with no PQC public-key ciphers supported.
It is logical to nest E_algorithm1_key1 ( E_algorithm2_key2 )
to defend against entirely different categories of theoretical future
attackers who can break E_algorithm1. But keep the E_algorithm1
encryption to defend against actors who can
use malware to steal the E_algorithm2_key straight off your computer.
It doesn't matter if in theory some ideal attacker could establish a
mathematical association between the two algorithms, as they say.
Because your alternative is to only use E_algorithm2, which makes you
seriously vulnerable immediately.
Or to only use E_algorithm1, which is to just ignore the future quantum
threat entirely.
You are in an objectively weaker position using only one level of
protection versus both.
There's no point in mulling over a theoretical subset of attackers who have
both malware to steal your PQC key and a quantum computer to
blow up your traditional key. There are extremely strong reasons here
not to only use E_algorithm1, and also not to only use E_algorithm2.
And the reason for applying E_algorithm1 does not have to do with
concerns about the cryptographic properties of E_algorithm2.
It's about the form in which implementations of that algorithm have been made
available to you for use.
> WK and the GnuPG devs have already implemented it *a year ago* (v.2.5.1
> stable/forward-compatible protocol for ECC+Kyber).
--
-JA
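The nesting E_algorithm1_key1 ( E_algorithm2_key2 ) argued for above, as an added example that is not part of the original post and not GnuPG's own ECC+Kyber code. It models the two layers with an HMAC-SHA256 counter-mode keystream (a stand-in so the example runs on the Python standard library alone; it is not a real KEM, not a PQC algorithm, and carries no authentication tag, so it is for illustration only). The two attacker classes are modelled by the keys they end up holding: "malware_on_host" can read the software PQC key but not the token-held classical key, and "quantum_recording" is assumed to recover the classical key from the recorded traffic but has no access to the host. The function, key and recipe names are this example's own.

```python
"""Added example: why E_hw_classical( E_sw_pqc( m ) ) beats either layer alone.

Layer cipher = HMAC-SHA256 in counter mode (toy stand-in, NOT a real KEM or
PQC algorithm, NOT authenticated). Only the layering logic is the point.
"""
import hashlib
import hmac
import os

NONCE_LEN = 16


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR `data` with a keystream of HMAC-SHA256(key, nonce || counter) blocks."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def layer_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """One encryption layer: fresh random nonce prefixed to the keystream-XORed body."""
    nonce = os.urandom(NONCE_LEN)
    return nonce + keystream_xor(key, nonce, plaintext)


def layer_decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, body = blob[:NONCE_LEN], blob[NONCE_LEN:]
    return keystream_xor(key, nonce, body)


def encrypt_with(recipe, keys, plaintext: bytes) -> bytes:
    """Apply the layers named in `recipe` (listed outermost first), innermost first."""
    blob = plaintext
    for label in reversed(recipe):
        blob = layer_encrypt(keys[label], blob)
    return blob


def decrypt_with(recipe, known, blob: bytes):
    """Peel layers outermost first; stop with None at the first layer whose key is missing."""
    for label in recipe:
        if label not in known:
            return None
        blob = layer_decrypt(known[label], blob)
    return blob


def compare_deployments(plaintext: bytes = b"constructed sample message"):
    """Return {deployment: {attacker: recovered_plaintext?}} for the three choices in the post."""
    keys = {
        "hw_classical": os.urandom(32),  # E_algorithm1 key, assumed to live in the token
        "sw_pqc": os.urandom(32),        # E_algorithm2 key, assumed to live in host software
    }
    # Modelling assumption: each attacker class ends up holding exactly one of the keys.
    attackers = {
        "malware_on_host": {"sw_pqc": keys["sw_pqc"]},            # steals software keys only
        "quantum_recording": {"hw_classical": keys["hw_classical"]},  # breaks the classical layer offline
    }
    recipes = {
        "classical_only": ["hw_classical"],
        "pqc_only": ["sw_pqc"],
        "nested": ["hw_classical", "sw_pqc"],  # E_hw_classical( E_sw_pqc( m ) )
    }
    results = {}
    for name, recipe in recipes.items():
        blob = encrypt_with(recipe, keys, plaintext)
        assert decrypt_with(recipe, keys, blob) == plaintext  # legitimate recipient holds both
        results[name] = {
            attacker: decrypt_with(recipe, known, blob) == plaintext
            for attacker, known in attackers.items()
        }
    return results


if __name__ == "__main__":
    for deployment, outcome in compare_deployments().items():
        print(f"{deployment:15s} {outcome}")
```

The output table is the post's argument in one place: classical_only falls to the recorded-traffic quantum attacker, pqc_only falls to host malware, and only the nested deployment resists both, because each attacker class is missing the key for one of the layers.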