Key Derivation API

Dmitry Eremin-Solenikov dbaryshkov at
Tue Jan 14 12:27:46 CET 2014


On Tue, Jan 14, 2014 at 12:50 PM, Werner Koch <wk at> wrote:
> On Mon, 13 Jan 2014 23:30, dbaryshkov at said:
>> I feel a desperate need for the key derivation API not limited to plain
>> ECDH.
> Can you explain what you want to do with it?  Do you want to create an
> ephemeral key from a long term ECC key?  That can easily be done using
> the context based ECC API.  Sure that is somewhat low-level but it is
> quite flexible and probably the best way until common usage patterns are
> established.

I need to create shared key material, but using a special scheme defined
in RFC 4357 [1] for GOST R 34.10-2001 (and currently being extended
to GOST R 34.10-2012 by using Stribog instead of the old GOST R 34.11-94).

Basically it is ECDH, but with an additional salt (called UKM) being used:
  shared = hash( (UKM * d) (mod p) x Q )
where p is (sub-)group size, d is my private key, Q is 'their' public key and
UKM is a salt/nonce/whatever.


With best wishes

More information about the Gcrypt-devel mailing list
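
The derivation described in the message, as an added example (not part of the original post and not libgcrypt code): both parties compute hash(((UKM * d) mod group size) x Q) and arrive at the same key, while a different UKM yields a different key. The toy curve, the SHA-256 stand-in for GOST R 34.11-94, the byte encoding of the point and the names `derive`, `mul`, `add` and `on_curve` are assumptions made for illustration.

```python
import hashlib

# Constructed toy parameters: y^2 = x^3 + 2x + 2 over GF(17); G generates
# a group of prime order 19. Far too small for real use.
FIELD, A, B = 17, 2, 2
G, ORDER = (5, 1), 19  # ORDER plays the role of "p" (group size) in the formula

def on_curve(P):
    x, y = P
    return (y * y - (x * x * x + A * x + B)) % FIELD == 0

def add(P, Q):
    """Affine point addition; None is the point at infinity."""
    if P is None:
        return Q
    if Q is None:
        return P
    (x1, y1), (x2, y2) = P, Q
    if x1 == x2 and (y1 + y2) % FIELD == 0:
        return None  # P + (-P), also covers doubling a point with y == 0
    if P == Q:
        lam = (3 * x1 * x1 + A) * pow((2 * y1) % FIELD, -1, FIELD)
    else:
        lam = (y2 - y1) * pow((x2 - x1) % FIELD, -1, FIELD)
    x3 = (lam * lam - x1 - x2) % FIELD
    return (x3, (lam * (x1 - x3) - y1) % FIELD)

def mul(k, P):
    """Double-and-add scalar multiplication (not constant time)."""
    R = None
    while k:
        if k & 1:
            R = add(R, P)
        P = add(P, P)
        k >>= 1
    return R

def derive(d, Q, ukm):
    """shared = hash(((ukm * d) mod ORDER) x Q), SHA-256 standing in for the GOST hash."""
    if not on_curve(Q):
        raise ValueError("peer public key is not on the curve")
    S = mul((ukm * d) % ORDER, Q)
    if S is None:
        raise ValueError("UKM * d is a multiple of the group order")
    return hashlib.sha256(bytes(S)).digest()  # constructed encoding: x byte, y byte

if __name__ == "__main__":
    d_a, d_b, ukm = 3, 7, 5  # constructed private keys and UKM
    print(derive(d_a, mul(d_b, G), ukm) == derive(d_b, mul(d_a, G), ukm))
```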