Paper 2015/262

A look at the PGP ecosystem through the key server data

Hanno Böck

Abstract

PGP-based encryption systems use a network of key servers to share public keys. These key servers operate on an add-only basis, thus the data gives us access to PGP public keys from over 20 years of PGP usage. Analyzing this data allows searching for cryptographic weaknesses at large scale. I created a parser script that puts the raw cryptographic data of the PGP keys into a database. Doing this allows large-scale searches for well-known vulnerabilities. DSA signatures with a duplicate $k$ value due to bad random numbers allow the calculation of the private key. Similarly, analyzing RSA keys for shared prime factors allows factoring the modulus and thus also regenerating the private key. A small number of breakable keys due to these weaknesses were found.
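The two checks named in the abstract, written as an audit over a key inventory. This is an added example, not the paper's parser script: the function names and sample values are constructed, and the batch GCD (product and remainder tree) used for the shared-prime search is an assumption about how to make it scale, not a method stated on this page.

```python
from collections import defaultdict
from math import gcd, prod

def batch_gcd(moduli):
    """For each modulus N_i, return gcd(N_i, product of all other moduli)."""
    # Product tree: leaves are the moduli, the root is their product.
    tree = [list(moduli)]
    while len(tree[-1]) > 1:
        level = tree[-1]
        tree.append([prod(level[i:i + 2]) for i in range(0, len(level), 2)])
    # Remainder tree: push the root down, reducing mod n^2 at every node.
    rems = tree.pop()
    while tree:
        level = tree.pop()
        rems = [rems[i // 2] % (n * n) for i, n in enumerate(level)]
    # (P mod N^2) // N equals (P / N) mod N, so one gcd exposes a shared prime.
    return [gcd(r // n, n) for r, n in zip(rems, moduli)]

def weak_rsa_moduli(moduli):
    """Map each modulus that shares a prime with another one to that factor."""
    # Deduplicate first: the same key uploaded twice is not a shared prime.
    unique = sorted(set(moduli))
    return {n: g for n, g in zip(unique, batch_gcd(unique)) if g != 1}

def reused_dsa_nonces(signatures):
    """signatures: iterable of (key_id, r, s).

    r depends only on k and the key's domain parameters, so two signatures
    from one key with equal r but different s were made with the same k.
    """
    seen = defaultdict(set)
    for key_id, r, s in signatures:
        seen[(key_id, r)].add(s)
    return sorted({kid for (kid, _r), ss in seen.items() if len(ss) > 1})

# Constructed toy data: tiny moduli, two of which share the prime 101.
SAMPLE_MODULI = [101 * 103, 101 * 107, 109 * 113, 127 * 131, 109 * 113]
# Constructed (key_id, r, s) triples: key "A" repeats r with a different s;
# key "B" only has the same signature recorded twice.
SAMPLE_SIGS = [("A", 5, 7), ("A", 5, 9), ("A", 6, 1), ("B", 5, 7), ("B", 5, 7)]

if __name__ == "__main__":
    print("moduli to revoke:", weak_rsa_moduli(SAMPLE_MODULI))
    print("keys with reused k:", reused_dsa_nonces(SAMPLE_SIGS))
```

Any modulus or key this flags should be treated as compromised and replaced, since both conditions come from a faulty random number generator at key or signature generation time.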

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Preprint. Minor revision.
Keywords
pgp, dsa, rsa, rng, keyserver
Contact author(s)
hanno @ hboeck de
History
2015-03-22: received
Short URL
https://ia.cr/2015/262
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2015/262,
      author = {Hanno Böck},
      title = {A look at the PGP ecosystem through the key server data},
      howpublished = {Cryptology ePrint Archive, Paper 2015/262},
      year = {2015},
      note = {\url{https://eprint.iacr.org/2015/262}},
      url = {https://eprint.iacr.org/2015/262}
}