openpgp bug

Florian Weimer fw@deneb.enyo.de
Thu Mar 22 16:57:01 2001


Evan Prodromou <evan@prodromou.san-francisco.ca.us> writes:


> I can verify that the article does NOT say that GNUPG is affected by
> the sploit. It says that GNUPG uses the OpenPGP format, which is true.
See http://www.i.cz/pdf/pgp/OpenPGP_attack_CZ.pdf. GnuPG is *not* vulnerable to the described attack if you use RSA keys. At the moment, I'm not sure if the attack works against DSA keys; GnuPG performs an integrity check on the secret key material, but I'm not sure if it's sufficient.
> It sounds to me like a failure of the secret keyring file format and
> not of OpenPGP per se.
OpenPGP defines an exchange format for secret keys, and this format is vulnerable to the attack, so there's an error in OpenPGP as well.