> Indeed; as best I can tell, keybase.io's OpenPGP implementation is not > checking any of the RSA cryptosystem's validity conditions. (Neither does > Google's E2E. GnuPGP and PGP check some, but not all.) What RSA public key > consumers should check, in rough order of importance: > > gcd(n, e) == 1 > n mod 2 == 1 > 1 < e <= 2^16+1 > is_prime(e) > > (Note that the last two are more restrictive than the sufficient conditions > for validity. There is no particular reason to be more lenient, however. It > is also nice to check that n can't be factored by trial division or random > ECM instances for rho, lambda, and p-1, but this is impractical for JS > implementations.)
Thank you for these suggestions, I’ll incorporate them into the Web client. The command-line client shells out to GnuPG so should be partially covered. Are there analagous checks recommended for DSA and ECDSA keys?
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ Messaging mailing list [email protected] https://moderncrypto.org/mailman/listinfo/messaging
