AES-NI, symmetric key generation

Maricel Gregoraschko maricelgregoraschko at
Tue Mar 10 20:33:39 CET 2015

> AES is an algorithm that produces deterministic results. Not really something
> to backdoor like a RNG.

I admit I haven't looked at the AES-NI instruction set, but I've read that it could be easy for the CPU to reconstruct the key from a sequence of calls typical to AES encryption/decryption (I think implementations even use Intel-provided code), and store it for later retrieval through a secret CPU instruction set.

From: Andre Heinecke <aheinecke at>
To: gnupg-users at; Maricel Gregoraschko <maricelgregoraschko at>
Sent: Tuesday, March 10, 2015 5:05 AM
Subject: Re: AES-NI, symmetric key generation

To answer your first question regarding gpg4win:

On Monday, March 09, 2015 05:15:14 PM Maricel Gregoraschko wrote:
> Hello All, I would first like to thank you for your effort and time
> developing GnuPG. I have a couple of questions: 1. Does GnuPG (in
> particular, the Windows binaries distributed for gpg4win) use AES-NI, the
> Intel dedicated AES instruction set?

No, it has been disabled due to a bug. I've opened gnupg/issue1919 to track 

> There are some concerns, I'm not sure
> how realistic, about backdoors built into the CPU themselves. 

AES is an algorithm that produces deterministic results. Not really something 
to backdoor like a RNG. 

> I noticed
> there is an option to "configure", --disable-aesni-support. Where can I get
> the full configure command as it was used to build the posted gpg4win
> binaries, to check if that switch was present or not?

;a=blob;f=src/

Look for gpg4win_pkg_<package>_configure (e.g. gpg4win_pkg_libgcrypt_configure)

> Also is there any
> option to turn hardware acceleration on or off at runtime? 



Andre Heinecke |  ++49-541-335083-262  |
Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
