python-gnupg security vulnerability


Imran Azad

Nov 23, 2011, 2:29:10 PM
to python-gnupg
Hi

Is there a chance that a bug in python-gnupg can cause the encrypted
data from GnuPG to be cryptographically broken?

Jim Klo

Nov 24, 2011, 1:32:21 AM
to python...@googlegroups.com
DISCLAIMER - I'm not a cryptographer, but have been involved a bit with crypto pretty deep for the last couple of years and here's what I can offer:

Ultimately python-gnupg is only as secure as the GPG executable and your application environment, since it's just a wrapper around the shell executable. As for being cryptographically secure, yes it is, and yes it can be broken with time; this is true with ALL modern cryptography, it's just a matter of how long it takes to guess a few really large prime numbers. I think really big keys take about a year to break using modern hardware, but could be sooner pending Moore's Law. Hence for ultimate security it's always recommended to use long, short-lived keys (think minutes or days). A tactic we're looking at is using a long-lived key to sign short-lived keys, from which authenticity is done via the cert chain, but the crypto key is constantly changing.

python-gnupg is written in Python, which has dynamic binding capabilities; hence, if your application environment cannot be trusted, then that is the first problem you must solve. Theoretically, if your app resides in an untrusted environment, dynamic binding could potentially be used to modify the library to emit private key material unknowingly, since the gpg executable itself has that option! Using python-gnupg installed into a secure and trusted virtualenv is one step that you can take to prevent such an attack.

The only thing that comes to mind about python-gnupg that I'm somewhat concerned about is that there is no file option for passphrases. Hence they must be loaded into memory instead of just piping the contents of a secured file containing the passphrase. So when coding, be mindful of how you read and destroy your passphrase in your implementation. Yes, one could modify the implementation, and I've considered it, but it's something to be aware of if you're using crypto in a long-running app (i.e. WSGI), so you'd want to be careful how you store sensitive data in a potentially global scope, since nothing in Python seems to be truly private.

Jim Klo
Senior Software Engineer
Center for Software Engineering
SRI International
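
The following is an added example, not part of the thread and not python-gnupg code: one way to act on the advice above about reading and destroying a passphrase, by loading it from a permission-checked file into a mutable buffer that is zeroed when the block exits. The helper name `passphrase_from_file` and the sample passphrase are assumptions made for illustration; it targets POSIX systems.

```python
import os
import stat
import tempfile
from contextlib import contextmanager


@contextmanager
def passphrase_from_file(path):
    """Yield the passphrase as a bytearray; zero it when the block exits."""
    # O_NOFOLLOW refuses a symlink planted in place of the passphrase file.
    fd = os.open(path, os.O_RDONLY | getattr(os, "O_NOFOLLOW", 0))
    buf = bytearray()
    try:
        # buffering=0 gives a raw file, so readinto() fills buf directly
        # without leaving an intermediate immutable bytes copy behind.
        with os.fdopen(fd, "rb", buffering=0) as f:
            st = os.fstat(f.fileno())  # inspect the opened file, not the path
            if not stat.S_ISREG(st.st_mode):
                raise PermissionError(f"{path}: not a regular file")
            if st.st_uid != os.getuid():
                raise PermissionError(f"{path}: not owned by this user")
            if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
                raise PermissionError(f"{path}: readable by group/other")
            buf = bytearray(st.st_size)
            n = f.readinto(buf)
        # Drop unread tail and trailing newline characters in place.
        while n and buf[n - 1] in b"\r\n":
            n -= 1
            buf[n] = 0
        del buf[n:]
        # Caveat: decoding buf to str for a library call creates an immutable
        # copy that Python cannot wipe; keep that copy in the narrowest scope.
        yield buf
    finally:
        for i in range(len(buf)):  # overwrite in place, even on error
            buf[i] = 0


if __name__ == "__main__":
    # Constructed sample file and passphrase, for demonstration only.
    path = os.path.join(tempfile.mkdtemp(), "passphrase")
    with open(path, "wb") as out:
        out.write(b"constructed-sample-passphrase\n")
    os.chmod(path, 0o600)
    with passphrase_from_file(path) as secret:
        print("loaded", len(secret), "bytes")
    print("wiped:", not any(secret))
```

This limits how long the secret sits in a buffer the application controls; it does not remove copies made by the interpreter or by a library that requires a `str`.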


