On 10/29/2017 07:18 PM, Shannon C wrote:
Assuming that the secret key was generated outside of an Infineon
chip, but that subsequently subkeys were generated by a chip with the
ROCA vulnerability, does that compromise the main private key, or
only the subkey?

There is no mathematical link between a primary (or master) key and a subkey. A subkey is linked to a primary key only through a "subkey binding signature".

If a subkey is compromised (meaning an attacker somehow managed to know the private key, be it through the ROCA vulnerability or any other method), this has *no impact* on the primary key. The attacker won't be able to infer any information about the primary key.

This is also true the other way around: knowing the primary private key does not allow to deduce the private subkey(s).


Attachment: signature.asc
Description: OpenPGP digital signature

Gnupg-users mailing list

Reply via email to