On 12/7/24 2:42 AM, Jacob Bachmeyer via Gnupg-devel wrote:
> Alternately, for the next PGP protocol version, including a nonce N in the calculation of the digest H and also signing {N,H} instead of just H should allow longer nonces without risking the signature integrity. (I wonder if the SSH developers were thinking along those lines...)
FWIW, OpenPGP version 6 signatures, specified in RFC 9580, do contain a salt (https://www.rfc-editor.org/rfc/rfc9580.html#section-5.2.3-2.10.1).
The signature hashing process starts with that salt (https://www.rfc-editor.org/rfc/rfc9580.html#section-5.2.4-2).
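Added example, not part of the original message and not GnuPG code: a sketch of how the input to a v6 binary-document signature hash is assembled with the salt first, following RFC 9580 sections 5.2.3 and 5.2.4. The function names are hypothetical, and the sample uses Ed25519 (algorithm ID 27) with an empty hashed-subpacket area, which a real signature would not have.

```python
import hashlib
import os
import struct

# Hash algorithm ID -> (hashlib name, required salt length in octets), per RFC 9580.
HASHES = {8: ("sha256", 16), 9: ("sha384", 24), 10: ("sha512", 32)}


def v6_hash_input(message, salt, hash_algo=8, sig_type=0x00,
                  pubkey_algo=27, hashed_subpackets=b""):
    """Octets fed to the hash for a v6 binary-document signature (simplified)."""
    name, salt_len = HASHES[hash_algo]
    if len(salt) != salt_len:
        # The salt size is fixed by the hash algorithm; reject anything else.
        raise ValueError(f"salt must be {salt_len} octets for {name}")
    # Signature fields covered by the hash; v6 uses a 4-octet subpacket length.
    fields = bytes([6, sig_type, pubkey_algo, hash_algo])
    fields += struct.pack(">I", len(hashed_subpackets)) + hashed_subpackets
    # Trailer: version, 0xFF, 4-octet length of the hashed signature fields.
    trailer = b"\x06\xff" + struct.pack(">I", len(fields))
    # Hashing starts with the salt, then the signed data, then the fields.
    return salt + message + fields + trailer


def v6_document_digest(message, salt, hash_algo=8, **kw):
    """Digest that the public-key algorithm then signs."""
    data = v6_hash_input(message, salt, hash_algo, **kw)
    return hashlib.new(HASHES[hash_algo][0], data).digest()


def new_salt(hash_algo=8):
    """Fresh random salt of the size the hash algorithm requires."""
    return os.urandom(HASHES[hash_algo][1])


if __name__ == "__main__":
    msg = b"constructed sample message"
    # Two signatures over the same message hash different inputs.
    for _ in range(2):
        salt = new_salt()
        print(salt.hex(), v6_document_digest(msg, salt).hex())
```

The salt travels in the signature packet itself, so a verifier reads it from there and rebuilds the same hash input before checking the signature.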