ROCA detection in GnuPG

NIIBE Yutaka gniibe at fsij.org
Tue Oct 17 12:45:01 CEST 2017


Werner Koch <wk at gnupg.org> writes:
> I wondered on how to best implement this in GnuPG: We have no central
> place to test _public_ keys and thus a check needs to be implemented in
> gpgsm, and gpg.  I expect that OpenSSH will provide a tool to check ssh
> public keys, thus there is no need for us to do that in gpg-agent.

In case of the Debian SSH problem, it was Colin Watson who added
ssh-vulnkey to openssh source package in Debian.

It was dropped in 1:6.5p1-1.  The discussion of dropping ssh-vulnkey can
be found here:

    https://lists.debian.org/debian-ssh/2013/09/msg00014.html

So, I'm not sure if OpenSSH will provide a tool.
-- 



More information about the Gnupg-devel mailing list