Re: How to fix "ERROR key_generate 3355453" / "GENKEY' failed: IPC call has been cancelled"

Fiedler Roman Roman.Fiedler at ait.ac.at
Wed Sep 5 11:27:52 CEST 2018


> From: Werner Koch [mailto:wk at gnupg.org]
> 
> On Tue,  4 Sep 2018 18:31, Roman.Fiedler at ait.ac.at said:
> 
> > At which byte offset should I find the signer key fingerprint?
> 
> That is an encrypted message and thus can you seen the signature.

That is good, one more issue not having to care about.
 
> >> Leaving this out would not help because it is easy to
> >> figure out the key by trial verification against all known keys.
> >
> > Well, that would be all keys in the 2^2048 key space, so the problem
> > should be as hard to solve as factorization itself. As keys are never
> > transmitted unencrypted, the attacker has no chance to know a single
> 
> Nope.  Public keys, which are required to check a signature, are, as the
> name says, public and available from several sources, for example the
> key servers.

Sorry, but you are completely off here. You might also publish your public
keys world wide. But they may also be known only to a closed user group
to avoid traffic analysis, user enumeration, factorization attacks if poor
generators were used, ..

If you do not believe me, just search your key servers for NSA, BND, ...
public keys. I am sure, they use public key cryptography in many domains
and have very little of their public keys published.

The real topic of this discussion might be more if gnupg is a generic public key
cryptography security solution (where hiding keys might make sense, thus
software should be able to help fulfilling that goal) or if gnupg should only
be used for desktop e-mail encryption, where all those issues are much
less pressing as security requirements are much lower.

Regards,
Roman

