GNU Privacy Guard - Problems

Problems

The neutrality of this section is disputed. Please do not remove this message until the dispute is resolved.

The OpenPGP standard specifies several methods of digitally signing messages. In 2003, due to an error in a change to GnuPG intended to make one of those methods more efficient, a security vulnerability was introduced. It affected only one method of digitally signing messages, only for some releases of GnuPG (1.0.2 through 1.2.3), and there were fewer than 1000 such keys listed on the key servers. Most people did not use this method, and were in any case discouraged from doing so, so the damage caused (if any, and none has been publicly reported) would appear to have been minimal. Support for this method has been removed from GnuPG versions released after this discovery (1.2.4 and later). Two further vulnerabilities were discovered in early 2006; the first being that scripted uses of GnuPG for signature verification may result in false positives, the second that non-MIME messages were vulnerable to the injection of data which while not covered by the digital signature, would be reported as being part of the signed message. In both cases updated versions of GnuPG were made available at the time of the announcement.

GnuPG is a command-line based system, that is not written as an API which can be incorporated into other software. GPGME is an API wrapper around GnuPG which parses the output of GnuPG, and various graphical front-ends based on GPGME have been created. This currently requires an out-of-process call to the GnuPG executable for many GPGME API calls. Because GPGME makes use of a special GnuPG interface designed for machine use, a stable and maintainable API between the components is given. Possible security problems in an application do not propagate to the actual crypto code due to the process barrier.

Read more about this topic:  GNU Privacy Guard

Famous quotes containing the word problems:

    As our disorderly, competitive technological society is piling up its victims and constantly developing new problems of maladjustment, we must use our scientific knowledge to determine the cause and prevention of suffering rather than putting all our emphasis on its alleviation ...
    Agnes E. Meyer (1887–1970)

    While the onset of puberty can vary by as much as six years, every adolescent wants to be right on the 50-yard line, right in the middle of the field. One is always too tall, too short, too thin, too fat, too hairy, too clear-skinned, too early, too late. Understandably, problems of self-image are rampant.
    Joan Lipsitz (20th century)

    The man who is forever disturbed about the condition of humanity either has no problems of his own or has refused to face them.
    Henry Miller (1891–1980)