FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

ElGamal sign+encrypt keys created by GnuPG can be compromised

Affected packages
1.0.2 <= gnupg < 1.2.3_4

Details

VuXML ID 81313647-2d03-11d8-9355-0020ed76ef5a
Discovery 2003-11-27
Entry 2003-12-12

Any ElGamal sign+encrypt keys created by GnuPG contain a cryptographic weakness that may allow someone to obtain the private key. These keys should be considered unusable and should be revoked.

The following summary was written by Werner Koch, GnuPG author:

Phong Nguyen identified a severe bug in the way GnuPG creates and uses ElGamal keys for signing. This is a significant security failure which can lead to a compromise of almost all ElGamal keys used for signing. Note that this is a real world vulnerability which will reveal your private key within a few seconds.

...

Please take immediate action and revoke your ElGamal signing keys. Furthermore you should take whatever measures necessary to limit the damage done for signed or encrypted documents using that key.

Note that the standard keys as generated by GnuPG (DSA and ElGamal encryption) as well as RSA keys are NOT vulnerable. Note also that ElGamal signing keys cannot be generated without the use of a special flag to enable hidden options and even then overriding a warning message about this key type. See below for details on how to identify vulnerable keys.

References

CVE Name CVE-2003-0971
Message http://lists.gnupg.org/pipermail/gnupg-devel/2003-November/020570.html