Extraction of private encryption keys from GnuPG

by George Chetcuti [Published on 30 July 2013 / Last Updated on 30 July 2013]

GnuPG in its current form is not safe for a multi-user system or for any system that may run untrusted code.

This paper describes the Flush+Reload attack and its use for extracting the RSA private key from GnuPG. The attack is able to recover over 98% of the bits of the private key, virtually breaking the key, by capturing a single decryption or signing round. The attack requires the spy program and the victim to share pages, and can work over the isolation layer of virtualised systems.

Download the paper from here - http://eprint.iacr.org/2013/448.pdf

Review and Comments

* Required field

See Also

Featured Links