This post is nothing new, though for some it might be. At least I consider it important enough to re-publish this information for those fiddling with RSA / DSA, and with keys that were generated by, or used to produce signatures with, the OpenSSL version affected by the Debian fiasco.
- RSA public keys are not private
Why: Secure auto-updates, and why encrypting with a block cipher and then signing is better than using RSA both to encrypt and to sign.
- RSA public keys are not private (implementation)
Why: Learn that once the modulus n is used for signatures, it NEVER CAN be kept secret, and why choosing RSA to sign and encrypt auto-updates is wrong.
- The Debian PGP disaster that almost was
Why: Learn that you should consider all your DSA keys (the keys themselves) compromised if you generated signatures using the vulnerable Debian OpenSSL version at any time. I am not sure everybody got this.
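To make the point of the second article concrete, here is an added example of my own (not code from the linked articles): it recovers the RSA modulus n from nothing but a few signed messages and the public exponent. The key, the messages and the use of unpadded textbook signatures are constructed assumptions for the demonstration.

```python
from math import gcd

# Constructed toy RSA key (small primes so the example runs instantly).
P, Q = 1000003, 1000033     # constructed primes, not a real key
N = P * Q                   # the modulus the article says cannot stay secret
E = 17                      # public exponent (part of the public key)
PHI = (P - 1) * (Q - 1)
D = pow(E, -1, PHI)         # private exponent

def sign(m: int) -> int:
    """Textbook RSA signature s = m^d mod n.
    Deterministic padding (e.g. PKCS#1 v1.5) would not change the
    recovery below, because the verifier must know the padded value."""
    return pow(m, D, N)

def recover_modulus(pairs, e: int) -> int:
    """Recover n from (message, signature) pairs and the public exponent.
    Every valid signature satisfies s^e == m (mod n), so s^e - m is a
    multiple of n; the gcd over a few pairs is n times a small cofactor,
    which we strip (the toy n has no prime factors below 1000)."""
    g = 0
    for m, s in pairs:
        g = gcd(g, abs(pow(s, e) - m))
    for f in range(2, 1000):
        while g % f == 0 and g > f:
            g //= f
    return g

# Constructed messages an update client might have seen signed.
MESSAGES = [123456789, 987654321, 555555555]
PAIRS = [(m, sign(m)) for m in MESSAGES]

if __name__ == "__main__":
    print("recovered n == real n:", recover_modulus(PAIRS, E) == N)
```

Anyone who can verify updates (which is every client) can run this, so treating n as a shared secret for confidentiality buys nothing.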