Signing keys on a low-entropy system
Tapio Sokura
tapio.sokura at iki.fi
Fri Nov 8 18:07:21 CET 2013
On 8.11.2013 1:11, Johannes Zarl wrote:
> How is GnuPG affected by such a low-entropy system? Will operations just take
> a bit longer, or can this affect the quality/security of generated keys or
> signatures?
Key generation definitely needs good random data. But generating an RSA
signature is completely deterministic; the RSA operations themselves do
not use or need random data.
Another thing is that some signature schemes that use RSA also add
random padding data into the data that is being signed, but I don't
think signatures in PGP do that. I may be wrong though, haven't combed
through the PGP specs thoroughly.
Tapio
More information about the Gnupg-users
mailing list