openpgp bug

[Florian Weimer]

Evan Prodromou <evan@prodromou.san-francisco.ca.us> writes:

> I can verify that the article does NOT say that GNUPG is affected by
> the sploit. It says that GNUPG uses the OpenPGP format, which is true.

See http://www.i.cz/pdf/pgp/OpenPGP_attack_CZ.pdf.  GnuPG is *not*
vulnerable to the described attack if you use RSA keys.  At the
moment, I'm not sure if the attack works against DSA keys; GnuPG
performs an integrity check on the secret key material, but I'm not
sure if it's sufficient.

> It sounds to me like a failure of the secret keyring file format and
> not of OpenPGP per se.

OpenPGP defines an exchange format for secret keys, and this format is
vulnerable to the attack, so there's an error in OpenPGP as well.