From 332078392068e5ddc42c815500c3930661cb68a0 Mon Sep 17 00:00:00 2001 From: "Tammi L. Coles" Date: Sat, 2 Dec 2023 18:20:53 +0000 Subject: [PATCH] integrate @vanitasvitae comments --- book/source/05-private.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/book/source/05-private.md b/book/source/05-private.md index 5019d57..433d4fa 100644 --- a/book/source/05-private.md +++ b/book/source/05-private.md @@ -235,6 +235,10 @@ write OpenPGP is subject to specific vulnerabilities known as key overwriting (KO) attacks. These attacks exploit weaknesses in how encrypted private keys or their metadata are handled, potentially leading to the leakage of secret data when a key is used. The core issue lies in OpenPGP's handling of Secret-Key packets, where corruption of the public, non-encrypted fields of these packets can cause the correct private key material to be used with corrupted public key parameters. This mismatch can result in private key leakage. +Importantly, KO attacks are particularly relevant when an attacker is responsible for storing a user's encrypted private key material. The attack involves providing the user with a corrupted version of their own encrypted (passphrase-protected) key material, thereby compromising the key's integrity. + Understanding KO attacks is crucial due to their potential to compromise the integrity and confidentiality of encrypted communications. KO attacks highlight the necessity for robust key validation procedures and the dangers of storing keys in insecure environments. As OpenPGP application developers, you should be aware of these risks to ensure the secure management of keys and to implement appropriate countermeasures. +It's noteworthy that OpenPGP version 6 keys are not vulnerable to KO attacks when using S2K usage mode 253 (Argon2 + AEAD). This mode ensures the integrity of the public key by incorporating it into the encryption routine as additional data for verification. + For comprehensive information on KO attacks, including background, attack vectors, countermeasures, and technical analyses, visit [KOpenPGP.com](https://www.kopenpgp.com/). It is based on the paper "Victory by KO: Attacking OpenPGP Using Key Overwriting" written by Lara Bruseghini, Daniel Huigens, and Kenneth G. Paterson for the Proceedings of ACM Conference on Computer and Communications Security, Los Angeles, November 2022. \ No newline at end of file