Snapshot 1.0.4f & Klima/Rosa tests

Florian Weimer fw at
Wed Mar 28 12:22:04 CEST 2001

Steve Beach <asb4 at> writes:

> I'm a little bit paranoid about the Klima/Rosa attack.  Examining the
> source code, it doesn't appear that there has been any change in the
> verification of the secret keys in cipher/dsa.c or cipher/rsa.c.

The computed signatures are verified using the public key.  This is
pretty much equivalent to the proposed checks on the key material, but
it detects computation errors as well.

Werner planned to add better secret key protection.  However, I don't
think it's included in 1.0.4f (?).

More information about the Gnupg-devel mailing list