GnuPG — Post-Quantum Cryptography Analysis
GnuPG defaults to RSA-2048/4096 and DSA for key generation — both fully broken by Shor's algorithm on a cryptographically relevant quantum computer. ECDSA (ed25519/nistp256) support was added but all elliptic-curve schemes are equally quantum-vulnerable. There is no native support for NIST-standardized post-quantum algorithms (ML-KEM, ML-DSA). Keys signed today can be harvested and verified in the future when quantum hardware matures.
Findings
RSA-2048 / RSA-4096common/openpgpdefs.hDefault key type. Shor's algorithm breaks RSA in polynomial time on a sufficiently large quantum computer.
DSA / ElGamalg10/keygen.cLegacy algorithm still supported. Discrete-log assumption broken by Shor's.
ECDSA (nistp256 / nistp384)common/ecc-curves.cNIST elliptic curves. Shor's algorithm extends to ECDLP — secp256r1 broken as fast as RSA-1300.
Ed25519 / X25519common/ecc-curves.cCurve25519 is faster and safer than NIST curves against classical attacks, but still quantum-vulnerable.
AES-128 symmetriccipher/cipher.cAES-128 offers only 64-bit security against Grover's algorithm. Below 128-bit post-quantum threshold.
Compliance note
DORA Article 6 requires financial entities to maintain cryptographic agility. NIS2 Annex I mandates state-of-the-art cryptography for critical infrastructure. GnuPG at default settings does not meet either requirement post-2027 threat horizon.
Is your codebase using any of these algorithms?
QuantumScan checks your repo in ~90 seconds. Free. No account needed. Supports GitHub, GitLab, Bitbucket, and ZIP uploads.
Run a free scan →