[Announce] [security fix] Libgcrypt and GnuPG

Branko Majic branko at majic.rs
Sat Aug 9 22:52:57 CEST 2014


On Fri, 08 Aug 2014 12:17:06 +0200
Werner Koch <wk at gnupg.org> wrote:

> Hi!
> 
> While evaluating the "Get Your Hands Off My Laptop" [1] paper I missed
> to describe [2] a software combination which has not been fixed and is
> thus vulnerable to the attack described by the paper.  If you are using
> a GnuPG version with a *Libgcrypt version < 1.6.0*, it is possible to
> mount the described side-channel attack on Elgamal encryption subkeys.
> To check whether you are using a vulnerable Libgcrypt version, enter
> 
>   gpg2 --version
> 
> on the command line; the second line of the output gives the Libgcrypt
> version:
> 
>   gpg (GnuPG) 2.0.25
>   libgcrypt 1.5.3
> 
> In this example Libgcrypt is vulnerable.  If you see 1.6.0 or 1.6.1 you
> are fine.  GnuPG versions since 1.4.16 are not affected because they do
> not use Libgcrypt.
> 
> The recommendation is to update any Libgcrypt version below 1.6.0 to at
> least the latest version from the 1.5 series which is 1.5.4.  Updating
> to 1.6.1 is also possible but that requires to rebuild GnuPG.
> 
> Libgcrypt 1.5.4 has been released yesterday [3]; for convenience I
> include the download instructions below.  A CVE-id has not yet been
> assigned.
> 
> Many thanks to Daniel Genkin for pointing out this problem.
> 
> 
> Shalom-Salam,
> 
>    Werner
> 
> 
> [1] http://www.cs.tau.ac.il/~tromer/handsoff
> [2] http://lists.gnupg.org/pipermail/gnupg-announce/2014q3/000349.html
> [3] http://lists.gnupg.org/pipermail/gnupg-announce/2014q3/000351.html
> 
> Download
> ========
> 
> Libgcrypt source code is hosted at the GnuPG FTP server and its mirrors
> as listed at https://www.gnupg.org/download/mirrors.html .  On the
> primary server the source tarball and its digital signature are:
> 
>  ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.5.4.tar.bz2 (1478k)
>  ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.5.4.tar.bz2.sig
> 
> That file is bzip2 compressed.  A gzip compressed version is here:
> 
>  ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.5.4.tar.gz (1763k)
>  ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.5.4.tar.gz.sig
> 
> Alternativley you may upgrade using this patch file:
> 
>  ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.5.3-1.5.4.diff.bz2 (17k)
> 
> In order to check that the version of Libgcrypt you are going to build
> is an original and unmodified one, you can do it in one of the following
> ways:
> 
>  * Check the supplied OpenPGP signature.  For example to check the
>    signature of the file libgcrypt-1.5.4.tar.bz2 you would use this
>    command:
> 
>      gpg --verify libgcrypt-1.5.4.tar.bz2.sig
> 
>    This checks whether the signature file matches the source file.  You
>    should see a message indicating that the signature is good and made
>    by the release signing key 4F25E3B6 which is certified by my well
>    known key 1E42B367.  To retrieve the keys you may use the command
>    "gpg --fetch-key finger:wk at g10code.com".
> 
>  * If you are not able to use GnuPG, you have to verify the SHA-1
>    checksum:
> 
>      sha1sum libgcrypt-1.5.4.tar.bz2
> 
>    and check that the output matches the first line from the
>    following list:
> 
> bdf4b04a0d2aabc04ab3564fbe38fd094135aa7a  libgcrypt-1.5.4.tar.bz2
> 71e432e0ae8792076a40c6059667997250abbb9d  libgcrypt-1.5.4.tar.gz
> 8876ae002751e6ec26c76e510d17fc3e0eccb3ed  libgcrypt-1.5.3-1.5.4.diff.bz2
> 
> 
> Watching out for possible security problems and working with researches
> to fix them takes a lot of time.  g10 Code GmbH, a German company owned
> and headed by me, is bearing these costs.  To help us carry on this
> work, we need your support; please see https://gnupg.org/donate/ .
> 

Skimming through the description, does it mean that users with OpenPGP
cards should be impervious to this attack? Can the attack be used to
leak symmetric keys during the GnuPG operation?

Best regards

-- 
Branko Majic
Jabber: branko at majic.rs
Please use only Free formats when sending attachments to me.

Бранко Мајић
Џабер: branko at majic.rs
Молим вас да додатке шаљете искључиво у слободним форматима.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: </pipermail/attachments/20140809/c0de8809/attachment.sig>


More information about the Gcrypt-devel mailing list