Signing keys on a low-entropy system
Peter Lebbing
peter at digitalbrains.com
Fri Nov 8 19:01:34 CET 2013
On 08/11/13 18:07, Tapio Sokura wrote:
> Another thing is that some signature schemes that use RSA also add
> random padding data into the data that is being signed, but I don't
> think signatures in PGP do that. I may be wrong though, haven't combed
> through the PGP specs thoroughly.

Nope, OpenPGP uses EMSA-PKCS1-v1_5, which is completely deterministic.

I /think/ GnuPG doesn't need any randomness for RSA signatures.

I moved my random_seed file, and performed the following steps:

- Extend the expiration date on an RSA testkey that was expired[1]
- Sign a testfile
- Verify the signature; this launched a trustdb check since I had edited the key

And no new random_seed was ever generated. Then I tried encrypting to that key
(after having extended the expiry date of the subkey as well), and now a
random_seed was generated.

So my guess is that indeed, RSA signatures do not use randomness. And that as
soon as you use randomness, a random_seed file will be created.

In fact, I seem to get the same results when not removing my old random_seed,
but simply by looking at the modification time of the file: it will not be
touched when randomness isn't used.

Obviously, this is all conjecture.

HTH,

Peter.

[1] Format: primary 2048R has SC capabilities, sub 2048R has E.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
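
The determinism discussed in this message, as an added example that is not part of the original post and not GnuPG's code: EMSA-PKCS1-v1_5 signature encoding consumes no random bytes, while the EME-PKCS1-v1_5 encoding that OpenPGP uses for RSA encryption does. The toy key (two Mersenne primes), the function names and the sample message are constructed for illustration; the key is not secure.

```python
import hashlib
import os

# DER-encoded DigestInfo prefix for SHA-256, prepended to the raw digest.
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

# Constructed toy key built from two Mersenne primes: illustration only, NOT secure.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # modular inverse, Python 3.8+
K = (N.bit_length() + 7) // 8      # modulus length in bytes


def emsa_pkcs1_v1_5(message: bytes, em_len: int) -> bytes:
    """Signature encoding: 00 01 FF..FF 00 DigestInfo. Takes no random input."""
    t = SHA256_PREFIX + hashlib.sha256(message).digest()
    if em_len < len(t) + 11:
        raise ValueError("modulus too short for this hash")
    return b"\x00\x01" + b"\xff" * (em_len - len(t) - 3) + b"\x00" + t


def eme_pkcs1_v1_5(payload: bytes, em_len: int) -> bytes:
    """Encryption encoding: 00 02 PS 00 M, where PS is random nonzero bytes."""
    ps_len = em_len - len(payload) - 3
    if ps_len < 8:
        raise ValueError("payload too long")
    ps = bytearray()
    while len(ps) < ps_len:
        ps += bytes(b for b in os.urandom(64) if b)  # drop zero bytes
    return b"\x00\x02" + bytes(ps[:ps_len]) + b"\x00" + payload


def sign(message: bytes) -> bytes:
    em = int.from_bytes(emsa_pkcs1_v1_5(message, K), "big")
    return pow(em, D, N).to_bytes(K, "big")


def verify(message: bytes, signature: bytes) -> bool:
    em = pow(int.from_bytes(signature, "big"), E, N).to_bytes(K, "big")
    return em == emsa_pkcs1_v1_5(message, K)


if __name__ == "__main__":
    msg = b"constructed test file contents"
    print("signatures identical:", sign(msg) == sign(msg))
    print("signature verifies:", verify(msg, sign(msg)))
    print("encryption paddings identical:",
          eme_pkcs1_v1_5(b"session key", K) == eme_pkcs1_v1_5(b"session key", K))
```
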