GnuPG’s ElGamal signing keys compromised

[Full-Disclosure] GnuPG’s ElGamal signing keys compromised:

In January 2000, as part of version 1.0.2, the GnuPG code was changed
to create ElGamal keys which work more efficiently for encryption
(selecting a smaller x secret exponent and using a smaller k for
encryption). While making this change the problem with signing keys
was accidentally introduced: the same small k for encryption was also
used for signing. This can be used for a cryptographic attack to
reveal the private key (i.e. the secret exponent x) if a signature
made using that key is available. Such a signature is always
available for primary ElGamal keys because signatures created with
that key are used to bind the user ID and other material to the
primary key (self-signatures). Even if the key was never used for
signing documents it should be considered compromised.

Leave a Reply