Impact of ROCA (CVE-2017-15361) in subkey vs. private key?
Damien Goutte-Gattat
dgouttegattat at incenp.org
Sun Oct 29 23:08:28 CET 2017
On 10/29/2017 07:18 PM, Shannon C wrote:
> Assuming that the secret key was generated outside of an Infineon
> chip, but that subsequently subkeys were generated by a chip with the
> ROCA vulnerability, does that compromise the main private key, or
> only the subkey?
There is no mathematical link between a primary (or master) key and a
subkey. A subkey is linked to a primary key only through a "subkey
binding signature".
If a subkey is compromised (meaning an attacker somehow managed to know
the private key, be it through the ROCA vulnerability or any other
method), this has *no impact* on the primary key. The attacker won't be
able to infer any information about the primary key.
This is also true the other way around: knowing the primary private key
does not allow to deduce the private subkey(s).
Damien
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20171029/61babc1c/attachment.sig>
More information about the Gnupg-users
mailing list