[cryptography] Duplicate primes in lots of RSA moduli

Werner Koch wk at gnupg.org
Thu Feb 16 04:15:12 EST 2012


On Wed, 15 Feb 2012 23:22, fw at deneb.enyo.de said:

> implementations seem to interpret it as a hard limit.  The V4 key
> format has something which the OpenPGP specification calls an
> "expiration date", but it's not really enforceable because it can be
> stripped by an attacker and extended by someone who has access to the
> private key, by creating a new self-signature.  In this sense, the

The first part of your claim is wrong.  The expiration date can't be
stripped by an attacker because it is bound by a self-signature to the
key.  The self-signature is mandatory for OpenPGP keys.  In that sense
it is the same as with the NotAfter date in X.509.

Sure, if you have access to the primary private key [1] you can mount
almost all kinds of attack.  I know that you consider it a weakness that
the expiration date is not included in the fingerprint.  However, we
considered it an advantage to allow the owner of the private key to
prolong the expiration date.


Shalom-Salam,

   Werner


[1] There is no need to keep the primary private key online.  For day to
    day operations it is possible to use secondary keys.

-- 
Thoughts are free.  Exceptions are regulated by a federal law.
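
Added example, not part of the original message and not GnuPG code: it builds the data that an RFC 4880 V4 self-signature (type 0x13) hashes and shows that removing the key expiration subpacket from the hashed area changes the digest the signature covers. The key body, user ID and timestamps are constructed sample values, and the RSA signing step itself is omitted.

```python
import hashlib
import struct

SIG_CREATION = 2     # subpacket type: signature creation time
KEY_EXPIRATION = 9   # subpacket type: key expiration time (seconds after key creation)

def subpacket(sp_type, data):
    """Encode one subpacket; one-octet length form, valid for bodies under 192 octets."""
    return bytes([len(data) + 1, sp_type]) + data

def strip_subpacket(area, sp_type):
    """Return a subpacket area with every subpacket of sp_type removed."""
    out, i = b"", 0
    while i < len(area):
        length = area[i]                      # covers the type octet plus the data
        if area[i + 1] != sp_type:
            out += area[i:i + 1 + length]
        i += 1 + length
    return out

def selfsig_digest(key_body, user_id, hashed_area):
    """Digest signed by a V4 positive certification (type 0x13) over key + user ID."""
    # version 4, sig type 0x13, public-key algorithm 1 (RSA), hash algorithm 8 (SHA-256)
    sig_data = bytes([4, 0x13, 1, 8]) + struct.pack(">H", len(hashed_area)) + hashed_area
    trailer = b"\x04\xff" + struct.pack(">I", len(sig_data))
    h = hashlib.sha256()
    h.update(b"\x99" + struct.pack(">H", len(key_body)) + key_body)
    h.update(b"\xb4" + struct.pack(">I", len(user_id)) + user_id)
    h.update(sig_data + trailer)
    return h.digest()

# Constructed sample inputs (not a real key): V4 key body with tiny placeholder MPIs.
CREATED = 1325376000
KEY_BODY = b"\x04" + struct.pack(">I", CREATED) + b"\x01" + b"\x00\x08\xc5" + b"\x00\x05\x11"
USER_ID = b"Alice Example <alice@example.org>"
HASHED = (subpacket(SIG_CREATION, struct.pack(">I", CREATED))
          + subpacket(KEY_EXPIRATION, struct.pack(">I", 365 * 86400)))

def compare():
    """Return (digest as signed, digest after stripping the expiration subpacket)."""
    signed = selfsig_digest(KEY_BODY, USER_ID, HASHED)
    stripped = selfsig_digest(KEY_BODY, USER_ID, strip_subpacket(HASHED, KEY_EXPIRATION))
    return signed, stripped

if __name__ == "__main__":
    signed, stripped = compare()
    print("as signed:", signed.hex())
    print("stripped :", stripped.hex())
    print("existing signature still valid:", signed == stripped)
```

Because the two digests differ, the existing self-signature no longer verifies once the subpacket is removed; a valid signature over the changed data can only be made with the primary private key, which is also how the owner prolongs the expiration date.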



