Does GNUPG have the PGP ADK weakness?

Werner Koch
Mon, 28 Aug 2000 11:09:20 +0200

On Mon, 28 Aug 2000, Huels, Ralf KSV wrote:

> Ralf´s statement that GnuPG is vulnerable seems to be based on the fact
> that keys generated by GnuPG can be modified by an attacker to contain
> an unwanted ADK. No user of GnuPG will have a problem with that as GnuPG
You can't distinguis a GnuPG created key from a key generated by an other implemenation. OpenPGP demands the use of v4 signatures because they have a lot of advantages. BTW, thre are other tools to generate v4 keys and signatures aside from GnuPG or NAI. Werner -- Werner Koch GnuPG key: 621CC013 OpenIT GmbH -- Archive is at - Unsubscribe by sending mail with a subject of "unsubscribe" to