[Announce] GnuPG's ElGamal signing keys compromised

Werner Koch wk at gnupg.org
Fri Nov 28 11:17:16 CET 2003

On Fri, 28 Nov 2003 00:07:33 +0000, Noel D Torres Taño said:

> Can't this be addressed changing the code to use a different small k for
> signing, thus allowing to continue using (new) ElGamal sign+encrypt
> keys?

I didn't expressed it correctly.  With "same small k" I meant that the
k used was of the same size as the secret exponent x used for key
creation.  The small k (e.g. 247 bits for a 1024 bit key) is the
actual fault when used for signing.  Such a small k used for
encryption is not a problem and obviously can't lead to a private key
compromise because the encryption operation does not require the
private key.


Werner Koch                                      <wk at gnupg.org>
The GnuPG Experts                                http://g10code.com
Free Software Foundation Europe                  http://fsfeurope.org

More information about the Gnupg-devel mailing list