[PATCH 3/3] Add support for GOST R 34.10-2001/-2012 signatures
gniibe at fsij.org
Fri Oct 4 03:04:18 CEST 2013
I withdraw my original suggestion (using DIALECT_*) if we don't have
actual curve at hand, where m /= q.
On 2013-10-03 at 23:56 +0400, Dmitry Eremin-Solenikov wrote:
> First, in the both curves defined in standard m = q. Second,
> rfc4357 (which supplements standards with exact parameters, values,
> etc) defines only q parameter for the curves that are used/defined.
Thank you for your explanation. I misunderstood as if m = q were just
an example, and general cases of m /= q should be handled.
> So it really looks like a separate domain.
> I like the Werner's idea of DIALECT_SUBGROUP. It defines the curve
> parameters and still leaves enough space for possible
> standards/curves which decide to use subgroup instead of full group.
IIUC, this means:
We reserve DIALECT_SUBGROUP for future use (cases of m /= q).
A curve with DIALECT_STANDARD will be able to compute GOST
signature, as well as ECDSA signature.
A curve with DIALECT_SUBGROUP will be able to compute GOST
signature, but not to compute ECDSA signature.
Let's will do that when we will have a curve m /= q.
More information about the Gcrypt-devel