gpg-rsa-key decryption with a mobile
Mike Cardwell
gnupg at lists.grepular.com
Fri Dec 20 10:28:28 CET 2013
* on the Thu, Dec 19, 2013 at 07:03:57PM +0100, Werner Koch wrote:
>> Since you are mentioned in this webpage, do you know by any chance
>> whether gpgsm is vulnerable in a similar way?
>
> gpgsm uses Libgcrypt and Libgcrypt employs RSA blinding for a long time
> now. Thus it is not vulnerable. The reason Libgcrypt has RSA blinding
> is that it is used by online protocols like TLS where it is easy to mount
> certain timing attacks in the LAN. With GnuPG these calls of network
> based attacks are not possible and thus we did not use blinding in
> GnuPG-1.
I have a V2 OpenPGP SmartCard. I'm wondering if this would be vulnerable
to the attack in question? Also, what about the Crypto Stick? Presumably
these generate the same sort of noise during signing/decryption that
the CPU would, but there's nothing GnuPG can do in software to mask it?
--
Mike Cardwell https://grepular.com/ http://cardwellit.com/
OpenPGP Key 35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F
XMPP OTR Key 8924 B06A 7917 AAF3 DBB1 BF1B 295C 3C78 3EF1 46B4
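
The RSA blinding mentioned in the quoted reply, sketched as an added example that is not part of the original thread and is not Libgcrypt's code. The toy key is constructed from two small Mersenne primes, and the function names are hypothetical.

```python
import math
import secrets

# Constructed toy key: two Mersenne primes, far too small for real use.
P = 2**31 - 1
Q = 2**61 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent


def decrypt_plain(c):
    """Unblinded: the private-key exponentiation runs directly on the
    value supplied by the sender, so its timing/emissions depend on it."""
    return pow(c, D, N)


def decrypt_blinded(c, trace=None):
    """Blinded: the private-key exponentiation runs on c * r^e mod n,
    where r is fresh and random for every call."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if math.gcd(r, N) == 1:          # r must be invertible mod n
            break
    blinded = (c * pow(r, E, N)) % N     # (m^e)(r^e) = (m*r)^e mod n
    if trace is not None:
        trace.append(blinded)            # what the exponentiation really sees
    m_times_r = pow(blinded, D, N)       # = m * r mod n
    return (m_times_r * pow(r, -1, N)) % N  # strip r to recover m


def demo(message=123456789):
    """Decrypt one ciphertext twice with blinding and report what changed."""
    c = pow(message, E, N)
    trace = []
    first = decrypt_blinded(c, trace)
    second = decrypt_blinded(c, trace)
    return {
        "plain_ok": decrypt_plain(c) == message,
        "blinded_ok": first == message and second == message,
        # Same ciphertext, but the exponentiation input differs each time
        # and is not the ciphertext the sender chose.
        "inputs_differ": trace[0] != trace[1],
        "input_is_not_c": c not in trace,
    }


if __name__ == "__main__":
    print(demo())
```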