Adding a nonce before hashing as covert channel

Werner Koch wk at gnupg.org
Tue Dec 17 09:02:31 CET 2024


On Mon, 16 Dec 2024 15:22, Andrew Gallagher said:

> Werner, *you* proposed a solution for this in the LibrePGP draft:
> https://datatracker.ietf.org/doc/html/draft-koch-librepgp#section-5.2.3.33

   5.2.3.33.  Literal Data Meta Hash

   This subpacket MAY be used to protect the meta data from the Literal
   Data Packet with V4 signatures.  The hash is computed using SHA2-256
   from this data:

This is a proposal to add this to v4 signatures in a backward compatible
way.  We had a direct hashing in the rfc4880bis which was then removed
from the draft for no good reason.  Adding a hack later is not what
counts as a solid successor of rfc4880.

As of now the demand for this is not high enough to implement it for
v4 packets.  In particular due to the immediate pending move to PQC and
thus v5 (for encryption right now).  The rollout strategy here is

 1. Deploy PQC-resistant encryption keys along with standard encryption
    keys.
 
 2. Enable a requirement for those keys (--require-pqc-encryption)
 
 3. Switch to v5 signing and encryption keys in selected user groups.
 


Shalom-Salam,

   Werner
 

-- 
The pioneers of a warless world are the youth that
refuse military service.             - A. Einstein