Support for additional ECC Curves in GnuPG (gcrypt)
Werner Koch
wk at gnupg.org
Thu Sep 19 20:24:15 CEST 2013
On Thu, 19 Sep 2013 13:29, sergi at calcurco.cat said:
> allows any arbitrary curve (prime & char2) but rfc 6637 doesn't allow us to
> go that far.
Sorry, I can't see that. The only problem I see with 6637 is that the
standard uncompressed encoding is required and that we have no way to
change that. Compact encodings as for example specified for Ed255519
can't be used. However, I see no problem to put an uncompressed EdDSA
point into an RFC-6637 packet and alias EdDSA to ECDSA. The secret key
will be prefixed with a 0x00 to fit into OpenPGP's unsigned MPIs.
In case you are talking about random curves: You are mostly out of luck
because the size of an OID is limited to 254 bytes. Thus if you really
want to have random curves you would need to write a new spec which
takes advantage of the two reserved values in the OID size fields. OR
request a new algorithm ID - which might be the cleaner solution. For
everyone else I believe that just a few curves (which might be just a
single one) fits all our needs.
Shalom-Salam,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
More information about the Gnupg-users
mailing list