ROCA detection in GnuPG
Werner Koch
wk at gnupg.org
Tue Oct 17 09:01:53 CEST 2017
Hi!
Over at gnupg-verein, Phil asked whether it would make sense to have an
auto-detection of ROCA affected keys in GnuPG.
Only a few gpg generated keys seem to be affected. Probably those
created on certain smartcards: Yubikey seems to be affected but the
commonly used Zeitcontrol card should be fine because, afaik, that card
uses an NXP and not an Infinion chip.
I wondered on how to best implement this in GnuPG: We have no central
place to test _public_ keys and thus a check needs to be implemented in
gpgsm, and gpg. I expect that OpenSSH will provide a tool to check ssh
public keys, thus there is no need for us to do that in gpg-agent.
Shalom-Salam,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 357 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-devel/attachments/20171017/4f52eedf/attachment.sig>
More information about the Gnupg-devel
mailing list