Dealing with RUSTSEC-2023-0071

[link2xt]

This decrypt public API is a straight call into rsa crate with PKCS1v15 padding: https://github.com/rpgp/rpgp/blob/63f55a72d04c5cb81ab0fc56eac82c87e015ac12/src/crypto/rsa.rs#L25-L33

This is claimed to be vulnerable to timing attack at https://github.com/RustCrypto/RSA/issues/19 There is a security advisory at https://rustsec.org/advisories/RUSTSEC-2023-0071 without a fix currently.

rPGP should update to fixed rsa dependency or work around this somehow, but as far as I see there is no workaround and we need an rsa crate fix.