ROCA detection in GnuPG

Werner Koch wk at
Tue Oct 17 09:01:53 CEST 2017


Over at gnupg-verein, Phil asked whether it would make sense to have an
auto-detection of ROCA affected keys in GnuPG.

Only a few gpg-generated keys seem to be affected.  Probably those
created on certain smartcards: Yubikey seems to be affected but the
commonly used Zeitcontrol card should be fine because, afaik, that card
uses an NXP and not an Infineon chip.

I wondered how best to implement this in GnuPG: We have no central
place to test _public_ keys and thus a check needs to be implemented in
gpgsm and gpg.  I expect that OpenSSH will provide a tool to check ssh
public keys, thus there is no need for us to do that in gpg-agent.



Thoughts are free.  Exceptions are regulated by a federal law.
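
An added example, not part of the original message and not GnuPG code: a sketch of the public-key check discussed above, using the fingerprint published by the ROCA researchers (the modulus, reduced by each small prime, must lie in the subgroup generated by 65537). The function names, the prime list and the sample moduli are assumptions constructed for illustration.

```c
#include <stdio.h>

/* Odd primes up to 167. Assumption (from the ROCA paper): all of them divide
 * the primorial M used by the affected library at every key size. */
static const unsigned PRIMES[] = {
    3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53, 59, 61, 67, 71,
    73, 79, 83, 89, 97, 101, 103, 107, 109, 113, 127, 131, 137, 139, 149,
    151, 157, 163, 167 };

static int hexval(char c) {
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Reduce a big-endian hex modulus mod a small prime without a bignum
 * library. Returns -1 for an empty string or a non-hex character. */
int mod_small(const char *hex, unsigned p) {
    unsigned r = 0;
    if (!*hex) return -1;
    for (; *hex; hex++) {
        int d = hexval(*hex);
        if (d < 0) return -1;
        r = (r * 16 + (unsigned)d) % p;
    }
    return (int)r;
}

/* 1 if residue is a power of 65537 modulo p, else 0 (residue 0 never is). */
static int in_subgroup(unsigned residue, unsigned p) {
    unsigned g = 65537u % p, x = g;
    do {
        if (x == residue) return 1;
        x = (x * g) % p;
    } while (x != g);          /* stop once the cycle closes */
    return 0;
}

/* 1 = fingerprint matches (key should be treated as affected),
 * 0 = no match, -1 = malformed input. */
int roca_fingerprint(const char *hex) {
    for (size_t i = 0; i < sizeof PRIMES / sizeof PRIMES[0]; i++) {
        int r = mod_small(hex, PRIMES[i]);
        if (r < 0) return -1;
        if (!in_subgroup((unsigned)r, PRIMES[i])) return 0;
    }
    return 1;
}

int main(void) {
    /* Constructed samples, not real keys: 65537^3 matches, 199 does not. */
    printf("%d %d\n", roca_fingerprint("1000300030001"), roca_fingerprint("C7"));
    return 0;
}
```

The check needs only the public modulus, so it can run wherever a public key is parsed, which is the property the message relies on when it places the test in gpgsm and gpg.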