Impact of ROCA (CVE-2017-15361) in subkey vs. private key?

Shannon C rehevkor5 at gmail.com
Sun Oct 29 20:18:14 CET 2017


I am wondering if anyone here can definitively say whether the ROCA
vulnerability (CVE-2017-15361) described here
https://crocs.fi.muni.cz/public/papers/rsa_ccs17 when it occurs in a subkey
will make the private key vulnerable?

I can't find anyone talking about this particular issue. Assuming that the
secret key was generated outside of an Infineon chip, but that subsequently
subkeys were generated by a chip with the ROCA vulnerability, does that
compromise the main private key, or only the subkey?

Some sites refuse to accept public keys with ROCA-affected subkeys even if
the subkeys have been revoked. However, some tools appear to differentiate
between the two. If, for example, I use https://keychest.net/roca to test
my public key, the test result for my main key is "safe". However, the test
result for the subkeys is, "Subject to ROCA, insecure." What's the right
way to interpret this information?

Thanks!
Shannon
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20171029/551626cc/attachment.html>


More information about the Gnupg-users mailing list