The attack demonstrated that a 4096-bit GPG private decryption key could be recovered using commodity hardware (a cellphone’s microphone), sophisticated software to interpret sound signals and to filter them, and carefully chosen input text in the form of emails. The email client (Enigmail) automatically decrypted these messages upon reception while the microphone listened in, and over the course of an hour, the software was able to construct the full 4096-bit GPG private key.

Now, this attack is easily mitigated by setting a reasonable timeout in the GPG keyring (~5 minutes would be reasonable), which would give attackers only 5 minutes to attempt the attack. Obviously, newer versions of GPG, as mentioned in this blog post, have been patched to work around the vulnerability.

However, what about SSL server keys? If I can reverse engineer a GPG private RSA key, what would prevent me from extracting a server’s private SSL key? I could easily craft messages to send to the server, and they would have to be decrypted by the server. Couple that with a microphone hidden in a server nearby, and given enough time, it would be at least theoretically possible to derive the private key, right?