GnuPG public key vulnerability?

David Shaw dshaw at jabberwocky.com
Wed Nov 1 04:29:24 CET 2017


On Oct 31, 2017, at 8:10 PM, murphy <mac3iii at gmail.com> wrote:
> 
> I got a signed notification from facebook (good signature, enigmail)
> that claims my GnuPG generated public key has a "recently disclosed
> vulnerability".  This is the full text:
> 
> We have detected that the OpenPGP key on your Facebook profile may be
> susceptible to attacks due to a recently disclosed vulnerability.  We
> recommend that you revoke and replace your public key immediately to
> minimize the risk to your encrypted communications.  You can update your
> public key by visiting your Security and Login settings.  To help reduce
> the risk of your key being attacked, we have set the privacy of your
> potentially vulnerable public key on your profile to "Only Me" to limit
> further distribution.  We will continue to encrypt your notification
> emails using this OpenPGP public key.
> 
> This is doubly weird since the private/public key was generated on a
> Yubikey-4 nano and it is safe at home.  Does anyone know what this may
> be about?

Yes.

Recently, a flaw in the firmware for some Infineon hardware crypto was found.  RSA keys that were generated with this faulty firmware are not nearly as strong as their key length would imply.

You mention a Yubikey 4 nano, and unfortunately, that is one of the devices that used Infineon components.  In the case of a Yubikey and OpenPGP, if you generate the key *on* a vulnerable Yubikey, you may have a problem.  If you generate the OpenPGP key elsewhere and *import* the key to your Yubikey, you are not affected.

The Yubico people have a site up to check your device serial number to see if it is vulnerable and are offering a replacement program.  See https://www.yubico.com/keycheck/

There has been some discussion of the implications of this vulnerability on this list.  Search the list archives for "ROCA" to see more.

The original paper is at https://crocs.fi.muni.cz/public/papers/rsa_ccs17

David



