Help Me Understand Cryptography A Little Better



So, as somebody who isn't a cryptography expert, let me see if I understand something right.  I hope y’all don’t mind me trying to educate myself, and would appreciate some high level/layman type feedback so that I can at least have a big picture idea of how the encryption is working, and what is or isn't safe against quantum computers.

First off, I know that (or am pretty sure that), if all you have is an encrypted message, without its plain text original as a reference, then symmetric encryption algorithms like AES, Twofish, ChaCha20, etc. are quantum safe.  I know that asymmetric algorithms like RSA, ElGamal or even asymmetric elliptic curve algorithms like X25519 are NOT quantum safe, and that variations of Shor's algorithm could theoretically break them, given a quantum computer with enough qubits.

If you encrypt something with just a password using AGE or PGP, it uses symmetric encryption, and puts that password through a KDF to turn it into a private key to be used for that.  The encrypted copy of that encryption key is stored with the data itself and can only be accessed when the correct password is put through the same KDF.  So, this is quantum safe, correct?

If you use asymmetric encryption, it generates a one time symmetric key for something like AES or ChaCha20, encrypts the data with that, then encrypts that symmetric key with the public half of the asymmetric key pair and stores it with the data.  This is NOT quantum safe because even though the symmetric encryption is used on the data, the private key for that symmetric encryption is protected by an asymmetric algorithm, so attackers don’t need to break AES or ChaCha20, they just need to break the RSA/ElGamal/ECC that’s protecting the encryption key.

If you use a password-protected asymmetric key pair, does it use a KDF and symmetric algorithm to then protect your asymmetric key pair?  Does entering the passphrase then decrypt and unlock that pair?  So in effect, if you encrypt data with a password-protected asymmetric key pair, it could essentially work like: SYM → ASYM → SYM

So is it essentially going through 3 layers of encryption for this kind of scenario?  One to unlock the asymmetric pair, then another to unlock the symmetric key, then another to unlock the data itself.

So when it comes to quantum computers, would asymmetric cryptography be safe if it's password-protected, or not safe because the public key is still available and can be used to break it, regardless of the password protection on your private key?


Just occurred to me that with straightforward, password-based symmetric encryption, you wouldn't need to store the key itself with the data.  Run the password through the KDF and that "is" the key; you don't have to save it because it'll just get regenerated when the user enters the correct password.

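The three layers the thread asks about (a password-derived key protecting the private key, RSA-OAEP wrapping a one-time data key, AES-GCM protecting the data), as an added example that is not from this thread or any particular tool. It uses Ruby's OpenSSL bindings; the blob layout, the PBKDF2 iteration count, the 2048-bit key size and the function names are my own choices, not how age or PGP lay out their files.

```ruby
require 'openssl'

# Layer 1: password -> KDF -> key. The key is never stored; it is re-derived
# from the password and a public salt whenever it is needed.
def derive_key(password, salt)
  OpenSSL::KDF.pbkdf2_hmac(password, salt: salt, iterations: 200_000,
                           length: 32, hash: 'sha256')
end

# AES-256-GCM helpers. Blob layout (my choice): 12-byte nonce | 16-byte tag | ciphertext.
def aead_seal(key, plaintext)
  c = OpenSSL::Cipher.new('aes-256-gcm').encrypt
  c.key = key
  nonce = c.random_iv
  ct = c.update(plaintext) + c.final
  nonce + c.auth_tag + ct
end
def aead_open(key, blob)
  c = OpenSSL::Cipher.new('aes-256-gcm').decrypt
  c.key = key
  c.iv = blob[0, 12]
  c.auth_tag = blob[12, 16]
  c.update(blob[28..-1]) + c.final # raises CipherError on wrong key or tampering
end

# SYM around ASYM: the RSA private key is sealed under the password-derived key.
def lock_private_key(rsa, password)
  salt = OpenSSL::Random.random_bytes(16)
  salt + aead_seal(derive_key(password, salt), rsa.to_der)
end
def unlock_private_key(blob, password)
  OpenSSL::PKey::RSA.new(aead_open(derive_key(password, blob[0, 16]), blob[16..-1]))
end

# Hybrid encryption: a fresh one-time data key seals the data (SYM); only that data
# key is wrapped with RSA-OAEP (ASYM). The :wrapped_key field plus the public key is
# all a Shor-capable attacker needs; the password on the private key never enters.
def hybrid_encrypt(pub, plaintext)
  data_key = OpenSSL::Random.random_bytes(32)
  { wrapped_key: pub.public_encrypt(data_key, OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING),
    ciphertext: aead_seal(data_key, plaintext) }
end
def hybrid_decrypt(priv, msg)
  data_key = priv.private_decrypt(msg[:wrapped_key], OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING)
  aead_open(data_key, msg[:ciphertext])
end

# All three layers end to end: unlock the key pair, unwrap the data key, open the data.
def roundtrip(password, plaintext)
  rsa = OpenSSL::PKey::RSA.generate(2048)
  locked = lock_private_key(rsa, password)
  msg = hybrid_encrypt(rsa.public_key, plaintext)
  hybrid_decrypt(unlock_private_key(locked, password), msg)
end
```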
