gpg-rsa-key decryption with a mobile

Werner Koch wk at gnupg.org
Thu Dec 19 19:03:57 CET 2013


On Thu, 19 Dec 2013 17:54, oub at mat.ucm.es said:

> Since you are mentioned in this webpage, do you know by any chance
> whether gpgsm is vulnerable in a similar way?

gpgsm uses Libgcrypt and Libgcrypt has employed RSA blinding for a long
time now.  Thus it is not vulnerable.  The reason Libgcrypt has RSA blinding
is that it is used by online protocols like TLS where it is easy to mount
certain timing attacks in the LAN.  With GnuPG this class of
network-based attacks is not possible and thus we did not use blinding in
GnuPG-1.


Salam-Shalom,

   Werner


-- 
Thoughts are free.  Exceptions are regulated by a federal law.



