On 08/04/15 18:43, Jan Svensson wrote: > From what I've read it seems like GPG internally is using blinding to > avoid RSA timing attacks, but I guess it is not possible for a user of > GPG to use those functions in a similar way as I describe above.
Those are two different beasts, by the way. You want to blind the /data/. In OpenPGP, the data that is to be signed is hashed, and only the /hash/ is signed with, e.g., RSA. So it could be said that the hash is blinded[1], but the signed data definitely is not. My gut feeling is that OpenPGP is ill suited for this task, but I haven't thought thorougly about it. HTH, Peter. [1] Not sure if that is proper use of the terminology, I'd usually say the operation is blinded, not the data. -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at <http://digitalbrains.com/2012/openpgp-key-peter> _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
