GnuPG's ElGamal signing keys compromised



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
NotDashEscaped: You need GnuPG to verify this message

Hi,

David Shaw wrote a patch against GnuPG 1.2.3 to disable the ability to
create signatures using the ElGamal sign+encrypt (type 20) keys as
well as to remove the option to create such keys.

This patch will go into the next release; if you feel better with
those flawed features disabled, you may want to apply this patch.


Thanks,

  Werner


Index: getkey.c
===================================================================
RCS file: /cvs/gnupg/gnupg/g10/getkey.c,v
retrieving revision 1.78.2.20
diff -u -r1.78.2.20 getkey.c
--- getkey.c    21 Jul 2003 14:55:00 -0000      1.78.2.20
+++ getkey.c    27 Nov 2003 00:32:30 -0000
@@ -1655,6 +1655,11 @@
         if ( x ) /* mask it down to the actual allowed usage */
             key_usage &= x; 
     }
+
+    /* Type 20 Elgamal keys are not usable. */
+    if(pk->pubkey_algo==PUBKEY_ALGO_ELGAMAL)
+      key_usage=0;
+
     pk->pubkey_usage = key_usage;
 
     if ( !key_expire_seen ) {
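Review bot: the added `if(pk->pubkey_algo==PUBKEY_ALGO_ELGAMAL) key_usage=0;` clears every usage bit, so a type 20 primary key loses encryption as well as signing, and it does so silently. The accompanying message speaks of disabling signature creation, so the comment should state that dropping all usage is intended and why. A warning that names the affected key at this point would also tell the user why the key stopped working.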
@@ -1869,6 +1874,13 @@
         if ( x ) /* mask it down to the actual allowed usage */
             key_usage &= x; 
     }
+
+    /* Type 20 Elgamal subkeys or any subkey on a type 20 primary are
+       not usable. */
+    if(mainpk->pubkey_algo==PUBKEY_ALGO_ELGAMAL
+       || subpk->pubkey_algo==PUBKEY_ALGO_ELGAMAL)
+      key_usage=0;
+
     subpk->pubkey_usage = key_usage;
     
     p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_EXPIRE, NULL);
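Review bot: the condition `mainpk->pubkey_algo==PUBKEY_ALGO_ELGAMAL || subpk->pubkey_algo==PUBKEY_ALGO_ELGAMAL` also zeroes subkeys of other algorithms whenever the primary is type 20; the comment says so but gives no reason, which a later reader will need before touching it. This is the same override as in the previous hunk, so a small shared helper taking the primary key and the key under test would keep the two sites from drifting apart. Style: the new `if(` does not match the `if ( x )` spacing of the lines just above it.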
Index: keygen.c
===================================================================
RCS file: /cvs/gnupg/gnupg/g10/keygen.c,v
retrieving revision 1.90.2.11
diff -u -r1.90.2.11 keygen.c
--- keygen.c    16 Jul 2003 03:09:15 -0000      1.90.2.11
+++ keygen.c    27 Nov 2003 00:32:31 -0000
@@ -958,8 +958,6 @@
     tty_printf(    _("   (%d) DSA (sign only)\n"), 2 );
     if( addmode )
        tty_printf(    _("   (%d) ElGamal (encrypt only)\n"), 3 );
-    if (opt.expert)
-        tty_printf(    _("   (%d) ElGamal (sign and encrypt)\n"), 4 );
     tty_printf(    _("   (%d) RSA (sign only)\n"), 5 );
     if (addmode)
         tty_printf(    _("   (%d) RSA (encrypt only)\n"), 6 );
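Review bot: with the `(%d) ElGamal (sign and encrypt)` line gone, the menu printed here jumps from 3 (or from 2 outside addmode) straight to 5. Either renumber the remaining entries or leave a short comment at this spot saying that 4 is retired on purpose, so the gap is not later filled by reusing the number for a different algorithm.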
@@ -989,21 +987,6 @@
            algo = PUBKEY_ALGO_RSA;
             *r_usage = PUBKEY_USAGE_SIG;
            break;
-       }
-       else if( algo == 4 && opt.expert)
-         {
-           tty_printf(_(
-"The use of this algorithm is only supported by GnuPG.  You will not be\n"
-"able to use this key to communicate with PGP users.  This algorithm is also\n"
-"very slow, and may not be as secure as the other choices.\n"));
-
-           if( cpr_get_answer_is_yes("keygen.algo.elg_se",
-                                     _("Create anyway? ")))
-             {
-               algo = PUBKEY_ALGO_ELGAMAL;
-               *r_usage = PUBKEY_USAGE_ENC | PUBKEY_USAGE_SIG;
-               break;
-             }
        }
        else if( algo == 3 && addmode ) {
            algo = PUBKEY_ALGO_ELGAMAL_E;
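Review bot: removing the `algo == 4 && opt.expert` branch leaves the answer key `keygen.algo.elg_se` and the three-line warning string without a caller in this hunk; any help text registered under that key and the translations of those strings should be dropped in the same change. It is also worth confirming that an input of 4 now reaches the same rejection path as any other unknown number, since the branch that used to consume it is gone.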
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQE/xa20aLeriVdUjc0RAvXcAKCIxQR0JbaxfX/EFpI4NLcb4vUI2ACZAQTx
zfX4QUrn7HnluPP4Pfoofdk=
=OtPO
-----END PGP SIGNATURE-----