Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 34504 - GnuPG ElGamal keys might get compromised
Summary: GnuPG ElGamal keys might get compromised
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: GLSA Errors (show other bugs)
Hardware: All All
: High major (vote)
Assignee: Gentoo Security
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2003-11-27 02:07 UTC by fbusse
Modified: 2003-12-12 00:26 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments
Patch against GnuPG 1.2.3 (gnupg_patch.diff,2.33 KB, patch)
2003-11-27 02:08 UTC, fbusse
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description fbusse 2003-11-27 02:07:30 UTC
Phong Q. Nguyen discoverd a bug in GnuPG >=1.0.2:
Type 20 ElGamal private keys might get extracted from its signature via a cryptographic attack. 
Type 20 keys are not created by default but only if you specifically use --expert.
The GnuPG-maintainer Werner Koch released a patch for GnuPG 1.2.3 that disallows the creation of type 20 ElGamal keys. 
Existing type 20 keys should be revoked, Werner Koch already contacted the owners of those keys avaliable via the keyservers.
Currently, there's no announcement on gnupg.org, but you can find the advisory here (accidently sent to a newsgroup):
http://groups.google.de/groups?hl=de&lr=&ie=UTF-8&selm=E1AOvSk-0001IK-00%40alberti.g10code.de
Comment 1 fbusse 2003-11-27 02:08:12 UTC
Created attachment 21353 [details, diff]
Patch against GnuPG 1.2.3
Comment 2 Jelle Kalf 2003-11-27 08:16:14 UTC
Here's the GNUpg piper mail message:

http://lists.gnupg.org/pipermail/gnupg-announce/2003q4/000276.html
Comment 3 SpanKY gentoo-dev 2003-11-29 15:40:15 UTC
lets be very specific in *what* keys might get compromised

elgamal isnt very widely used so no point in making a lot of people freak out
Comment 4 Rajiv Aaron Manglani (RETIRED) gentoo-dev 2003-12-01 22:31:49 UTC
here is the announcement of the patch:

<http://lists.gnupg.org/pipermail/gnupg-announce/2003q4/000277.html>

perhaps we should just include it until 'the next version' is released?
Comment 5 solar (RETIRED) gentoo-dev 2003-12-10 14:39:49 UTC
Rajiv, 
Have you had a chance to patch this yet?
Comment 6 Rajiv Aaron Manglani (RETIRED) gentoo-dev 2003-12-11 22:38:07 UTC
taviso patched this in gnupg-1.2.3-r4.ebuild on 11/29/2003.
Comment 7 Rajiv Aaron Manglani (RETIRED) gentoo-dev 2003-12-12 00:26:06 UTC
glsa 200312-05 <http://www.gentoo.org/security/en/glsa/glsa-200312-05.xml> sent as:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


- --------------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200312-05
- --------------------------------------------------------------------------

GLSA:        200312-05
Package:     app-crypt/gnupg
Summary:     GnuPG ElGamal signing keys compromised and
                format string vulnerability
Severity:    minimal
Gentoo bug:  34504, 35639
Date:        2003-12-12
CVE:         CAN-2003-0971, CAN-2003-0978
Exploit:     unknown
Affected:    <=1.2.3-r4
Fixed:       >=1.2.3-r5


DESCRIPTION:

Two flaws have been found in GnuPG 1.2.3.

First, ElGamal signing keys can be compromised. These keys are not
commonly used. Quote from
<http://lists.gnupg.org/pipermail/gnupg-announce/2003q4/000276.html>:

   "Phong Nguyen identified a severe bug in the way GnuPG creates and
   uses ElGamal keys for signing. This is a significant security
   failure which can lead to a compromise of almost all ElGamal keys
   used for signing. Note that this is a real world vulnerability
   which will reveal your private key within a few seconds."

Second, there is a format string flaw in the 'gpgkeys_hkp' utility
which "would allow a malicious keyserver in the worst case to execute
an arbitrary code on the user's machine." See
<http://www.s-quadra.com/advisories/Adv-20031203.txt> for
details.


SOLUTION:

All users who have created ElGamal signing keys should immediately
revoke them. Then, all Gentoo Linux machines with gnupg installed
should be updated to use gnupg-1.2.3-r5 or higher.

        emerge sync
        emerge -pv '>=app-crypt/gnupg-1.2.3-r5'
        emerge '>=app-crypt/gnupg-1.2.3-r5'
        emerge clean


// end

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (Darwin)

iD8DBQE/2XUCnt0v0zAqOHYRAlrEAJwNpCuOGrcBcjKnC/c/F3AOxsTX3gCfU9ah
0gaONEybmmq0x4/vJheoXwg=
=F5DR
-----END PGP SIGNATURE-----