On 16/10/2025 10:34, Jay Acuna via Gnupg-users wrote:
In this case we're stuck encrypting the data with a 3-layer sandwitchEncrypt Input.txt first using a traditional RSA/EC algorithm with PGP smart card output temp1.asc Encrypt temp1.asc using a PQC algorithm (No hardware-based key protection supported yet) write output to temp2.asc Encrypt temp2.asc using a traditional RSA/EC algorithm crypto performed by PGP card write output to final.asc Securely delete input.txt, temp1.asc and temp2.asc Email temp2.asc - PQC Hybrid layer prevents access to the temp1.asc in case the final output's key is compromised.
Please don't roll your own encryption - this includes reinventing 3DES. Encryption sandwiches like this never have the security properties you might naively think. (See 3DES...)
Also keep in mind that you're orders of magnitude more likely to lose your SSN or credit card number in a data breach than to quantum cryptanalysis. And the feds already know your SSN and credit card number. ;-)
A
OpenPGP_0xFB73E21AF1163937.asc
Description: OpenPGP public key
OpenPGP_signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list [email protected] https://lists.gnupg.org/mailman/listinfo/gnupg-users
