Phong Q. Nguyen discoverd a bug in GnuPG >=1.0.2: Type 20 ElGamal private keys might get extracted from its signature via a cryptographic attack. Type 20 keys are not created by default but only if you specifically use --expert. The GnuPG-maintainer Werner Koch released a patch for GnuPG 1.2.3 that disallows the creation of type 20 ElGamal keys. Existing type 20 keys should be revoked, Werner Koch already contacted the owners of those keys avaliable via the keyservers. Currently, there's no announcement on gnupg.org, but you can find the advisory here (accidently sent to a newsgroup): http://groups.google.de/groups?hl=de&lr=&ie=UTF-8&selm=E1AOvSk-0001IK-00%40alberti.g10code.de
Created attachment 21353 [details, diff] Patch against GnuPG 1.2.3
Here's the GNUpg piper mail message: http://lists.gnupg.org/pipermail/gnupg-announce/2003q4/000276.html
lets be very specific in *what* keys might get compromised elgamal isnt very widely used so no point in making a lot of people freak out
here is the announcement of the patch: <http://lists.gnupg.org/pipermail/gnupg-announce/2003q4/000277.html> perhaps we should just include it until 'the next version' is released?
Rajiv, Have you had a chance to patch this yet?
taviso patched this in gnupg-1.2.3-r4.ebuild on 11/29/2003.
glsa 200312-05 <http://www.gentoo.org/security/en/glsa/glsa-200312-05.xml> sent as: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- GENTOO LINUX SECURITY ANNOUNCEMENT 200312-05 - -------------------------------------------------------------------------- GLSA: 200312-05 Package: app-crypt/gnupg Summary: GnuPG ElGamal signing keys compromised and format string vulnerability Severity: minimal Gentoo bug: 34504, 35639 Date: 2003-12-12 CVE: CAN-2003-0971, CAN-2003-0978 Exploit: unknown Affected: <=1.2.3-r4 Fixed: >=1.2.3-r5 DESCRIPTION: Two flaws have been found in GnuPG 1.2.3. First, ElGamal signing keys can be compromised. These keys are not commonly used. Quote from <http://lists.gnupg.org/pipermail/gnupg-announce/2003q4/000276.html>: "Phong Nguyen identified a severe bug in the way GnuPG creates and uses ElGamal keys for signing. This is a significant security failure which can lead to a compromise of almost all ElGamal keys used for signing. Note that this is a real world vulnerability which will reveal your private key within a few seconds." Second, there is a format string flaw in the 'gpgkeys_hkp' utility which "would allow a malicious keyserver in the worst case to execute an arbitrary code on the user's machine." See <http://www.s-quadra.com/advisories/Adv-20031203.txt> for details. SOLUTION: All users who have created ElGamal signing keys should immediately revoke them. Then, all Gentoo Linux machines with gnupg installed should be updated to use gnupg-1.2.3-r5 or higher. emerge sync emerge -pv '>=app-crypt/gnupg-1.2.3-r5' emerge '>=app-crypt/gnupg-1.2.3-r5' emerge clean // end -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (Darwin) iD8DBQE/2XUCnt0v0zAqOHYRAlrEAJwNpCuOGrcBcjKnC/c/F3AOxsTX3gCfU9ah 0gaONEybmmq0x4/vJheoXwg= =F5DR -----END PGP SIGNATURE-----