Security-Corporation ID : SC-0797
URL : http://www.security-corporation.com/articles-20031127-003.html
Author : Werner Koch
Product : GnuPG
Source Message Contents : GnuPG's ElGamal signing keys compromised
Summary
=======
Phong Nguyen identified a severe bug in the way GnuPG creates and uses ElGamal keys for signing. This is a significant security failure which can lead to a compromise of almost all ElGamal keys used for signing. Note that this is a real world vulnerability which will
reveal your private key within a few seconds.
Please *take immediate action and revoke your ElGamal signing keys*. Furthermore you should take whatever measures necessary to limit the damage done for signed or encrypted documents using that key.
Please do not send private mail in response to this message as I won't have the time to catch up with all the messages. The mailing list gnupg-users@gnupg.org is the best place to discuss this problem (please subscribe first so you don't need moderator approval [2]).
Note that the standard keys as generated by GnuPG (DSA and ElGamal encryption) as well as RSA keys are NOT vulnerable. Note also that ElGamal signing keys cannot be generated without the use of a special flag to enable hidden options and even then overriding a warning message about this key type. See below for details on how to identify vulnerable keys.
This message is signed using the usual GnuPG distribution key[1]. I apologize for this severe bug and all the problems resulting from it.
Impact:
=======
All ElGamal sign+encrypt keys (type 20) generated with GnuPG 1.0.2 or later must be considered compromised. Keys generated and used only with prior versions might still be safe but should ideally be revoked too. Note that even if an ElGamal sign+encrypt key was generated
before GnuPG 1.0.2, using that key in GnuPG 1.0.2 or later to issue signatures will still compromise the key.
Again, ElGamal encrypt-only keys (type 16) from any version of GnuPG are *not* affected.
Solution:
=========
Do not use *ElGamal sign+encrypt keys (type 20)*. Revoke all those keys immediately. Consider all material signed or encrypted with such a key as compromised.
Forthcoming GnuPG versions will remove the ability to create such keys and the ability create ElGamal signatures.
Complete details at http://www.security-corporation.com/articles-20031127-003.html
A serious vulnerability has been discovered in GnuPG, a free software package used for digitally signing and encrypting messages. The flaw allows the private key of an individual to be revealed.
Werner Koch, the creator of the package, said the flaw lay in the way GnuPG created and used ElGamal keys for signing. He said it was a significant security failure which could lead to a compromise of almost all ElGamal keys used for signing. "Note that this is a real world vulnerability which will reveal your private key within a few seconds," Koch warned.
http://www.smh.com.au/articles/2003/11/28/1069825963994.html
Chowhound
Comic Vine
GameFAQs
GameSpot
Giant Bomb
TechRepublic