Correct method to generate a Curve25519 keypair
Stef Bon
stefbon at gmail.com
Sat Jun 23 08:06:58 CEST 2018
Op za 23 jun. 2018 om 02:40 schreef Alexander Lyon <arlyon at me.com>:
>
> Hello
>
> To preface, apologies if I am unconventional or naive; I am a little new to this.
>
No problem.
I'm working on the same issue (to make curve25519-sha256 work).
I've done this different.
As I can see there is no such curve as Curve25519. This is the name of
the keyexchange method, but it's based on ed25519.
This is the correct name. Use: "(genkey (ecc (curve ed25519)))" instead.
The generated s-expr sexp_curve25519_keypair has the public key and the
private key. As you can see on ECC-key-parameters.html and
General-public_002dkey-related-Functions.html
the generated s-expr has two sub-s-expressions, one for the public
and one for the private key:
(key-data
(public-key
(ecc
(curve Ed25519)
(flags eddsa)
(q q-value)))
(private-key
(ecc
(curve Ed25519)
(flags eddsa)
(q q-value)
(d d-value))))
If you want to read the public key, find it first by:
s_key=gcry_sexp_find_token(sexp_curve25519_keypair, "public-key", 0);
now get the cdr of that result by:
s_param=gcry_sexp_cdr(s_key);
(you might want to check the type/car which should be "ecc")
Now get the right param (q or d) by:
gcry_sexp_t s_q = gcry_sexp_find_token(s_param, "q", 0);
and value of this
const char value=gcry_sexp_nth_data(s_q, 1, &len);
This is a pointer to the data of the q paramater.
You can read the d parameter simular.
I've posted about this issue before since the fields are stored as mpi
for other types (rsa, dss)
and here as q-value and d-value. Is this the raw format? I do not know.
I hope this helps,
Stef
More information about the Gcrypt-devel
mailing list