On 08/11/13 18:07, Tapio Sokura wrote:
> Another thing is that some signature schemes that use RSA also add
> random padding data into the data that is being signed, but I don't
> think signatures in PGP do that. I may be wrong though, haven't combed
> through the PGP specs thoroughly.

Nope, OpenPGP uses EMSA-PKCS1-v1_5, which is completely deterministic.

I /think/ GnuPG doesn't need any randomness for RSA signatures. I moved
my random_seed file, and performed the following steps:

- Extend the expiration date on an RSA testkey that was expired[1]
- Sign a testfile
- Verify the signature; this launched a trustdb check since I had
  edited the key

And no new random_seed was ever generated. Then I tried encrypting to
that key (after having extended the expiry date of the subkey as well),
and now a random_seed was generated.

So my guess is that indeed, RSA signatures do not use randomness. And
that as soon as you use randomness, a random_seed file will be created.
In fact, I seem to get the same results when not removing my old
random_seed, but simply by looking at the modification time of the file:
it will not be touched when randomness isn't used.

Obviously, this is all conjecture.

HTH,

Peter.

[1] Format: primary 2048R has SC capabilities, sub 2048R has E.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
