|
|
|
|
|
|
by tptacek
2537 days ago
|
|
|
I don't know what "create and manage a cryptographic identity" means, and I do this stuff for a living. Can you put that in terms that actual people care about? GPG supports ed25519. In some spec somewhere or other, and probably in a version of GnuPG as well, GPG supports everything. But in practice, GPG is RSA and CAST5 in CFB mode with PGP's archaic authenticator. And the impact of Efail was to email, the same way the impact of a memory corruption vulnerability might be to pop calc.exe (at first). But the flaw behind Efail was that GPG released unauthenticated plaintext to callers, which is something cryptosystems are meant never to do. |
|
|