Oracle behavior in Gnupg? //

Werner Koch wk at gnupg.org
Tue Jul 31 11:24:27 CEST 2012


On Mon, 30 Jul 2012 16:59, harningt at gmail.com said:

> it? If so, then I'd suggest that a "quiet" execution be performed that
> way only the exit code can be used that it's failure.

You should not rely on the exit code but parse all the information
returned by GPG.  GPGME makes this easy.

Given that GPG is just a tool and not a complete automated cryptographic
system, the developer needs to care about certain attacks by himself.
There are several points to watch out for, not only oracle attacks, but
for example also replay attacks.


Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.




More information about the Gnupg-users mailing list