![[GnuPG Logo]](/logo-gnupg-light-purple-bg.png){kind=logo}
|
|||
| · English · |
| Links | |
ecc: Store EdDSA session key in secure memory.
* cipher/ecc-eddsa.c (_gcry_ecc_eddsa_sign): use mpi_snew to allocate session key. -- An attacker who learns the EdDSA session key from side-channel observation during the signing process, can easily revover the long- term secret key. Storing the session key in secure memory ensures that constant time point operations are used in the MPI library. Signed-off-by: Jo Van Bulck <jo.vanbulck@cs.kuleuven.be>
|
||||||||||||||||||||||
