Digi-Oek.ch · @DigiOekCH
3 followers · 20 posts · Server social.tchncs.de(3/3)
Countermeasures for developers/OpenPGP standard: (1) avoid #KOKV attacks by OpenPGP specification not leaving the task of confirming key #integrity to individual #implementations. (2) Use an #AEAD scheme (3). Deprecating #ElGamal encryption option in OpenPGP spec.
Paper & Info: https://www.kopenpgp.com/
#OpenPGP #PGP #E2E #Encryption #Verschlüsselung #KeyOverwritingAttack #KO
#ko #KeyOverwritingAttack #verschlüsselung #encryption #e2e #pgp #openpgp #elgamal #aead #implementations #integrity #KOKV
Digi-Oek.ch · @DigiOekCH
3 followers · 20 posts · Server social.tchncs.deVictory by KO: Attacking #OpenPGP Using Key Overwriting
#ETHZ pre-print for ACM Conf 11.2022
If you haven't read it yet:
Key Overwriting (KO) attacks might be possible if #adversary has write access to the #encrypted private key of the #victim such as with GopenPGP or OpenPGP.js libraries in applications like #ProtonMail #FlowCrypt (#GMail etc.) and if victim does not inspect their own (!) key #fingerprint before using the key.
#PGP #E2E #Encryption #Verschlüsselung #KeyOverwritingAttack #KO
#ko #KeyOverwritingAttack #verschlüsselung #encryption #e2e #pgp #fingerprint #gmail #flowcrypt #protonmail #victim #encrypted #adversary #ethz #openpgp