Problems with private keyring?

Florian Weimer Florian.Weimer@RUS.Uni-Stuttgart.DE
Sat Mar 24 00:05:10 2001


Johan Wevers <johanw@vulcan.xs4all.nl> writes:


> Florian Weimer wrote:
>
> >>http://cert.uni-stuttgart.de/files/fw/gnupg-klima-rosa.diff
> >>http://cert.uni-stuttgart.de/files/fw/gnupg-klima-rosa.diff.asc
>
> > As an added bonus, it protects against signature computation errors
> > (due to overclocking or bugs in the MPI implementation), which
> > was first proposed in this context by Lutz Donnerhacke.
>
> Will these patches be included in gpg 1.0.5?
No, they won't. My employer is still waiting for an FSF copyright assignment contract which is compatible with German law. Werner is working on a different solution which protects the secret keys in a better way. However, I hope that some additional checks are introduced as well because they prevent GnuPG from revealing the secret key due to a computation error (which is perhaps the result of a single flipped bit). -- Florian Weimer Florian.Weimer@RUS.Uni-Stuttgart.DE University of Stuttgart http://cert.uni-stuttgart.de/ RUS-CERT +49-711-685-5973/fax +49-711-685-5898