Package: rnp
Version: 0.18.0-4
Severity: grave
File: /usr/bin/rnp
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hello,

Quoting the bug report https://bugzilla.redhat.com/show_bug.cgi?id=2415863:

	session keys generated for PKESK are not randomized but always zero

The reproducer from above link works "fine":

(sid_arm64-dchroot)ukleinek@amdahl:~$ rnp --version
rnp 0.18.0-4
...
(sid_arm64-dchroot)ukleinek@amdahl:~$ echo sekrit > lala.txt
(sid_arm64-dchroot)ukleinek@amdahl:~$ mkdir /tmp/rnptmphome
(sid_arm64-dchroot)ukleinek@amdahl:~$ rnpkeys -g --homedir /tmp/rnptmphome
Keyring directory '/tmp/rnptmphome' is empty.
Use "rnpkeys" command to generate a new key or import existing keys from the file or GnuPG keyrings.
Generating a new key...
Enter password for key 0xF73668AEF8A7E5F3 to protect:
Repeat password for key 0xF73668AEF8A7E5F3:
Would you like to use the same password to protect subkey(s)? (y/N) y
sec   3072/RSA f73668aef8a7e5f3 2025-11-20 [SC] [EXPIRES 2027-11-20]
      52fde9716b1e8b12c5d5dfcaf73668aef8a7e5f3
uid           RSA (Encrypt or Sign) 3072-bit key <ukleinek@localhost>
ssb   3072/RSA 5ecd8bdf4aa19170 2025-11-20 [E] [EXPIRES 2027-11-20]
      6f42371ab63f46da26b4de4e5ecd8bdf4aa19170
(sid_arm64-dchroot)ukleinek@amdahl:~$ rnp --homedir /tmp/rnptmphome -es --armor lala.txt
Enter password for key 0xF73668AEF8A7E5F3 to sign:
(sid_arm64-dchroot)ukleinek@amdahl:~$ cat lala.txt.asc
[armored PGP message omitted]

Pasting lala.txt.asc on https://dump.sequoia-pgp.org/ and providing
0000000000000000000000000000000000000000000000000000000000000000
as session key discloses the original content of lala.txt.

rnp/trixie is unaffected.

-- System Information:
Debian Release: forky/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable')
Architecture: arm64 (aarch64)

Kernel: Linux 6.12.57+deb13-arm64 (SMP w/8 CPU threads)
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: unable to detect

Versions of packages rnp depends on:
ii  libbotan-3-7  3.7.1+dfsg-2
ii  libc6         2.41-12
ii  libgcc-s1     15.2.0-8
ii  libjson-c5    0.18+ds-1.1
ii  librnp0       0.18.0-4
ii  libstdc++6    15.2.0-8

rnp recommends no packages.

rnp suggests no packages.

-- no debconf information
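Added here as an illustration, not part of the bug report or of rnp itself: a Go check that locates the SEIPD packet in a binary OpenPGP message and decrypts only its 18-octet prefix under the all-zero AES-256 session key, so a message archive can be triaged for output of the defective build without decrypting any content. The function names are mine; the packet layout (PKESK followed by a version 1 SEIPD in CFB mode) is the OpenPGP format, and SampleMessage is a constructed message, not rnp output.

```go
package main
import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"errors"
)
// cfb applies AES-CFB with an all-zero IV (the SEIPD mode, no resync) to src.
func cfb(key, src []byte, decrypt bool) []byte {
	block, _ := aes.NewCipher(key) // a 32-octet key selects AES-256
	iv, out := make([]byte, aes.BlockSize), make([]byte, len(src))
	s := cipher.NewCFBEncrypter(block, iv)
	if decrypt {
		s = cipher.NewCFBDecrypter(block, iv)
	}
	s.XORKeyStream(out, src)
	return out
}
// FindSEIPD walks new-format packet headers (one- or two-octet lengths) to the first tag-18 body.
func FindSEIPD(pkts []byte) ([]byte, error) {
	for len(pkts) >= 3 {
		tag, b, hlen, blen := int(pkts[0]&0x3F), int(pkts[1]), 2, int(pkts[1])
		if b >= 192 && b < 224 {
			hlen, blen = 3, (b-192)<<8+int(pkts[2])+192
		}
		if pkts[0]&0xC0 != 0xC0 || b >= 224 || len(pkts) < hlen+blen {
			return nil, errors.New("unsupported or truncated packet")
		}
		if tag == 18 {
			return pkts[hlen : hlen+blen], nil
		}
		pkts = pkts[hlen+blen:]
	}
	return nil, errors.New("no SEIPD packet found")
}
// ZeroKeyQuickCheck decrypts only the 18-octet SEIPD v1 prefix under the 32 zero octets the
// defective rnp used as session key; repeated quick-check octets mean that key was used.
func ZeroKeyQuickCheck(seipd []byte) (bool, error) {
	if len(seipd) < 19 || seipd[0] != 1 {
		return false, errors.New("not a version 1 SEIPD packet")
	}
	p := cfb(make([]byte, 32), seipd[1:19], true)
	return bytes.Equal(p[14:16], p[16:18]), nil
}
// SampleMessage is a constructed stand-in for rnp output: a dummy PKESK packet, then a SEIPD under key.
func SampleMessage(key []byte) []byte {
	prefix := append(bytes.Repeat([]byte{0x5a}, 14), 0x12, 0x34, 0x12, 0x34) // 16 octets + last 2 repeated
	body := append([]byte{1}, cfb(key, append(prefix, "sekrit\n"...), false)...)
	return append([]byte{0xC1, 2, 3, 0, 0xD2, byte(len(body))}, body...)
}
```

A real message must be dearmored first (base64 body without the CRC line); the check then runs on the raw packet bytes.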

