[Announce] [security fix] Libgcrypt and GnuPG
wk at gnupg.org
Fri Aug 8 12:17:06 CEST 2014
While evaluating the "Get Your Hands Off My Laptop"  paper I missed
to describe  a software combination which has not been fixed and is
thus vulnerable to the attack described by the paper. If you are using
a GnuPG version with a *Libgcrypt version < 1.6.0*, it is possible to
mount the described side-channel attack on Elgamal encryption subkeys.
To check whether you are using a vulnerable Libgcrypt version, enter
on the command line; the second line of the output gives the Libgcrypt
gpg (GnuPG) 2.0.25
In this example Libgcrypt is vulnerable. If you see 1.6.0 or 1.6.1 you
are fine. GnuPG versions since 1.4.16 are not affected because they do
not use Libgcrypt.
The recommendation is to update any Libgcrypt version below 1.6.0 to at
least the latest version from the 1.5 series which is 1.5.4. Updating
to 1.6.1 is also possible but that requires to rebuild GnuPG.
Libgcrypt 1.5.4 has been released yesterday ; for convenience I
include the download instructions below. A CVE-id has not yet been
Many thanks to Daniel Genkin for pointing out this problem.
Libgcrypt source code is hosted at the GnuPG FTP server and its mirrors
as listed at https://www.gnupg.org/download/mirrors.html . On the
primary server the source tarball and its digital signature are:
That file is bzip2 compressed. A gzip compressed version is here:
Alternativley you may upgrade using this patch file:
In order to check that the version of Libgcrypt you are going to build
is an original and unmodified one, you can do it in one of the following
* Check the supplied OpenPGP signature. For example to check the
signature of the file libgcrypt-1.5.4.tar.bz2 you would use this
gpg --verify libgcrypt-1.5.4.tar.bz2.sig
This checks whether the signature file matches the source file. You
should see a message indicating that the signature is good and made
by the release signing key 4F25E3B6 which is certified by my well
known key 1E42B367. To retrieve the keys you may use the command
"gpg --fetch-key finger:wk at g10code.com".
* If you are not able to use GnuPG, you have to verify the SHA-1
and check that the output matches the first line from the
Watching out for possible security problems and working with researches
to fix them takes a lot of time. g10 Code GmbH, a German company owned
and headed by me, is bearing these costs. To help us carry on this
work, we need your support; please see https://gnupg.org/donate/ .
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 180 bytes
Desc: not available
More information about the Gnupg-announce