Problems with private keyring?

Florian Weimer
Fri Mar 23 00:28:02 2001

Florian Weimer <> writes:

The newest version of these patches should actually work. As an added bonus, it protects against signature computation errors (due to overclocking or bugs in the MPI implementation), which was first proposed in this context by Lutz Donnerhacke. GnuPG calculates the signature in Z/pZ x Z/qZ instead of Z/nZ (which would be slower). If the computation in one component of the direct sum fails, the difference to the correct result is likely a multiple of p or q. (AFAIK, this is called a 'Bellcore attack' in German hacker circles.)