Yes, GPGME does not conflate the status and logging output stream, and
thus is not vulnerable to this attack.
On 5/4/19 1:08 PM, Albrecht Dreß wrote:
Hi,
thanks a lot for your great work!
Just an additional question regarding the “GPG Api” attacks – can we
assume that all applications using gpgme (like Balsa,
<https://pawsa.fedorapeople.org/balsa/>) to talk to gpg are not
vulnerable regarding this attack class, as the lib handles cases G1 and
G2 properly?
Thanks,
Albrecht.
On 30.04.19 14:29, ilf wrote:
https://github.com/RUB-NDS/Johnny-You-Are-Fired
https://raw.githubusercontent.com/RUB-NDS/Johnny-You-Are-Fired/master/paper/johnny-fired.pdf
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp
--
Dipl.-Math. Marcus Brinkmann
Lehrstuhl für Netz- und Datensicherheit
Ruhr Universität Bochum
Universitätsstr. 150, Geb. ID 2/461
D-44780 Bochum
Telefon: +49 (0) 234 / 32-25030
http://www.nds.rub.de/chair/people/mbrinkmann
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp