[TriLUG] GnuPG and ElGamal issues
Tanner Lovelace
lovelace at wayfarer.org
Wed Dec 17 12:57:56 EST 2003
Jeff Bollinger wrote:
> I've only briefly looked at the issue with PGP keys that were generated
> with GnuPG, where the key can be compromised. What, it anything, have
> folks done regarding this issue? Have you revoked your old keys, and
> created new ones with a patched version of GnuPG? If so, what's the
> best way to get new keys distributed, have the revocation key sent to
> all the keyservers, etc.?
>
> Thanks,
> Jeff
>
The key that's at risk is one that probably no one here has. It's
an ElGamal *signing-only* key. The only way you can generate
one of these is to manually select it when you create a key.
The normal DSA/ElGamal key that GPG defaults to is not at risk,
so there's currently no need to revoke your keys.
Cheers,
Tanner
--
Tanner Lovelace | lovelace(at)wayfarer.org | http://wtl.wayfarer.org/
--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--
GPG Fingerprint = A66C 8660 924F 5F8C 71DA BDD0 CE09 4F8E DE76 39D4
GPG Key can be found at http://wtl.wayfarer.org/lovelace.gpg.asc
--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--
101010 - The Ultimate answer to Life, the Universe and Everything.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 222 bytes
Desc: not available
URL: <http://www.trilug.org/pipermail/trilug/attachments/20031217/d8ae32cb/attachment.pgp>
More information about the TriLUG
mailing list