ECDH loads parameters as signed

Ján Jančár jancar.jj at
Sun Dec 9 16:32:18 CET 2018

On 31/10/2018 12:10, Ján Jančár wrote:
> On 31/10/2018 00:32, Ján Jančár wrote:
>> On 29/10/2018 17:44, Werner Koch wrote:
>>> On Mon, 29 Oct 2018 15:41, jancar.jj at said:
>>>> Any updates on this? Such exporting and loading parameters back should
>>>> work. The same problem appears in ECDSA.
>>> I considered to include this in 1.8.4 but given that I have seen no
>>> further comments your patch first needs closer investigations.  We need
>>> to check the history to see why the code was written this way.  Even if
>>> your issue is a bug (in the sense of a wrong/different implementation)
>>> we can't simply change it and risk that other applications break.
>> The use of sexp_extract_param with the signed prefix was introduced in
>> 6bd5d18c, which moved the sexp parsing from gcry_pk_encrypt to
>> ecc_encrypt_raw. Previously the keyparams S-exp was parsed using a loop and:
>> gcry_sexp_nth_mpi (list, 1, GCRYMPI_FMT_STD);
>> as in 6bd5d18c: cipher/pubkey.c (sexp_elements_extract_ecc).
>> However, before 6bd5d18c, which introduced eddsa, this was done using:
> Sorry, the eddsa introduction should have been commit 63cd34744,
> mis-copied the id.

Hi all,
Any news on this? It has been a month. My rationale is further explained in:

Ján Jančár

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the Gcrypt-devel mailing list