PGP Bug Solution?

Arno Wagner wagner at
Mon Mar 26 14:09:01 CEST 2001

Nicholas Cole wrote:
> I may be completely wrong, but if I understand the paper correctly,
> the modified key will not produce a valid signature.

With the correct public key this should be true for the DSA
signatures. I am not sure for RSA signatures.

> If that is the case, could not GPG attempt to validate a signature
> when created, and ring alarm bells if the signature does not verify?

The problem here is that somebody that can write the private key can 
most likely also write the public key. As far as I understand it, 
the public key might require more than the change of the modulus 
(does it? not sure), but it should be computationally feasible 
to create a public key that will check out. 

So signatures will only fail at sites that have the correct public key. 
I am not sure such a check would add to the security. 


Arno Wagner     Dipl. Inform.      ETH Zuerich      wagner at
GnuPG: ID: F0C049F1  FP: 8C E0 6F A5 CC B1 5A 11  ED C7 AD D2 05 5E BB 6F
"What I saw in the Xerox PARC technology was the caveman interface, you point
 and you grunt. A massive winding down, regressing away from language, in
 order to address the technological nervousness of the user. Users wanted to
 be infantilized, to return to a pre-linguistic condition in the using of
 computers, and the Xerox PARC technology's primary advantage was that it
 allowed users to address computers in a pre-linguistic way. This was to my
 mind a terribly socially retrograde thing to do, and I have not changed my
 mind about that." Eben Moglen ( for more by E.M.) 

More information about the Gnupg-devel mailing list