On 10/29/2017 07:18 PM, Shannon C wrote:
Assuming that the secret key was generated outside of an Infineon chip, but that subsequently subkeys were generated by a chip with the ROCA vulnerability, does that compromise the main private key, or only the subkey?
There is no mathematical link between a primary (or master) key and a subkey. A subkey is linked to a primary key only through a "subkey binding signature".
If a subkey is compromised (meaning an attacker somehow managed to know the private key, be it through the ROCA vulnerability or any other method), this has *no impact* on the primary key. The attacker won't be able to infer any information about the primary key.
This is also true the other way around: knowing the primary private key does not allow to deduce the private subkey(s).
Damien
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
