On 10/29/2017 07:18 PM, Shannon C wrote:
Assuming that the secret key was generated outside of an Infineon
chip, but that subsequently subkeys were generated by a chip with the
ROCA vulnerability, does that compromise the main private key, or
only the subkey?


There is no mathematical link between a primary (or master) key and a subkey. A subkey is linked to a primary key only through a "subkey binding signature".

If a subkey is compromised (meaning an attacker somehow managed to know the private key, be it through the ROCA vulnerability or any other method), this has *no impact* on the primary key. The attacker won't be able to infer any information about the primary key.

This is also true the other way around: knowing the primary private key does not allow to deduce the private subkey(s).

Damien

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Reply via email to