> On 29 Oct 2017, at 19:18, Shannon C <rehevk...@gmail.com> wrote:
> I can't find anyone talking about this particular issue. Assuming that the 
> secret key was generated outside of an Infineon chip, but that subsequently 
> subkeys were generated by a chip with the ROCA vulnerability, does that 
> compromise the main private key, or only the subkey?

There should be no way for a compromised subkey to affect the security of its 
primary key. Creating a subkey does not alter the primary key in any way; all 
that happens is that an SBIND signature is created by the primary key for the 
subkey. This does not compromise the primary key material if done in a 
conformant way (if it did, your implementation would have *much* more serious 

Further, if the subkey is revoked, the overall effect should be as if the 
subkey did not exist. An application that complains about revoked subkeys is 
probably being overly paranoid. There may be a flimsy argument that doing so 
might protect those people whose clients do not handle revocations properly. 
But if a client were to ignore subkey revocations then again, it has bigger 


Gnupg-users mailing list

Reply via email to