Paper 2002/076

Attack on Private Signature Keys of the OpenPGP Format, PGP(TM) Programs and Other Applications Compatible with OpenPGP

Vlastimil Klima and Tomas Rosa


The article describes an attack on the OpenPGP format that leads to disclosure of the private signature keys of the DSA and RSA algorithms. The OpenPGP format is used in a number of applications, including PGP, GNU Privacy Guard and other programs specified on the list of products compatible with OpenPGP, which is available at Therefore all these applications must undergo the same revision as the actual program PGP. The success of the attack was practically verified and demonstrated on the PGP program, version 7.0.3, with a combination of AES and DH/DSS algorithms. As the private signature key is the basic information of the whole system which is kept secret, it is encrypted using a strong cipher. However, it is shown that this protection is illusory, as the attacker has to attack neither this cipher nor the user's secret passphrase. A modification of the private key file in a certain manner and subsequent capture of one signed message is sufficient for a successful attack. Insufficient protection of the integrity of the public as well as private parts of signature keys in the OpenPGP format is analyzed for the DSA and RSA algorithms, and on this basis a procedure for attacking both private signature keys is shown. The attacks apply to all lengths of parameters (moduli, keys) of RSA and DSA. Finally, cryptographic measures for correcting the OpenPGP format as well as the PGP format are proposed.

Public-key cryptography
Publication info
Published elsewhere. Originally published on March 2001 at
PGP, OpenPGP, fault attack, RSA, DSA
Contact author(s)
vlastimil klima @ i cz
2002-06-17: received
Creative Commons Attribution


      author = {Vlastimil Klima and Tomas Rosa},
      title = {Attack on Private Signature Keys of the {OpenPGP} Format, {PGP}({TM}) Programs and Other Applications Compatible with {OpenPGP}},
      howpublished = {Cryptology ePrint Archive, Paper 2002/076},
      year = {2002},
      note = {\url{}},
      url = {}