Home GnuPG
Diffusion libgcrypt b85c8d664503

rsa: Add verify after sign to avoid Lenstra's CRT attack.
b85c8d664503Unpublished
Actions

Unpublished Commit · Learn More

Not On Permanent Ref: This commit is not an ancestor of any permanent ref.

Description

rsa: Add verify after sign to avoid Lenstra's CRT attack.

* cipher/rsa.c (rsa_sign): Check the CRT.

Failures in the computation of the CRT (e.g. due faulty hardware) can
lead to a leak of the private key. The standard precaution against
this is to verify the signature after signing. GnuPG does this itself
and even has an option to disable this. However, the low performance
impact of this extra precaution suggest that it should always be done
and Libgcrypt is the right place here. For decryption is not done
because the application will detect the failure due to garbled
plaintext and in any case no key derived material will be send to the
user.

  • Signed-off-by: Werner Koch <wk@gnupg.org>

Details

Provenance
wernerAuthored on Aug 31 2015, 11:13 PM
Parents
rC9f32789ee81c: w32: Fix alignment problem with AESNI on Windows >= 8
Branches
Unknown
Tags
Unknown

Event Timeline

Werner Koch <wk@gnupg.org> committed rCb85c8d664503: rsa: Add verify after sign to avoid Lenstra's CRT attack. (authored by Werner Koch <wk@gnupg.org>).Sep 4 2015, 1:00 PM

Changes (1)

PathSize
cipher/

rCb85c8d664503

View Options

cipher/rsa.c

Loading...