ROCA detection in GnuPG

NIIBE Yutaka gniibe at
Tue Oct 17 12:45:01 CEST 2017

Werner Koch <wk at> writes:
> I wondered on how to best implement this in GnuPG: We have no central
> place to test _public_ keys and thus a check needs to be implemented in
> gpgsm, and gpg.  I expect that OpenSSH will provide a tool to check ssh
> public keys, thus there is no need for us to do that in gpg-agent.

In the case of the Debian SSH problem, it was Colin Watson who added
ssh-vulnkey to the openssh source package in Debian.

It was dropped in 1:6.5p1-1.  The discussion of dropping ssh-vulnkey can
be found here:

So, I'm not sure if OpenSSH will provide a tool.
