Correct method to generate a Curve25519 keypair

Stef Bon stefbon at
Sat Jun 23 08:06:58 CEST 2018

Op za 23 jun. 2018 om 02:40 schreef Alexander Lyon <arlyon at>:
> Hello
> To preface, apologies if I am unconventional or naive; I am a little new to this.

No problem.

I'm working on the same issue (to make curve25519-sha256 work).
I've done this different.

As I can see there is no such curve as Curve25519. This is the name of
the keyexchange method, but it's based on ed25519.
This is the correct name. Use: "(genkey (ecc (curve ed25519)))" instead.

The generated s-expr sexp_curve25519_keypair has the public key and the
private key. As you can see on ECC-key-parameters.html and
the generated s-expr  has two sub-s-expressions, one for the public
and one for the private key:

      (curve Ed25519)
      (flags eddsa)
      (q q-value)))
      (curve Ed25519)
      (flags eddsa)
      (q q-value)
      (d d-value))))

If you want to read the public key, find it first by:

s_key=gcry_sexp_find_token(sexp_curve25519_keypair, "public-key", 0);
now get the cdr of that result by:
(you might want to check the type/car which should be "ecc")
Now get the right param (q or d) by:
gcry_sexp_t s_q = gcry_sexp_find_token(s_param, "q", 0);
and value of this
const char value=gcry_sexp_nth_data(s_q, 1, &len);
This is a pointer to the data of the q paramater.
You can read the d parameter simular.
I've posted about this issue before since the fields are stored as mpi
for other types (rsa, dss)
and here as q-value and d-value. Is this the raw format? I do not know.
I hope this helps,


More information about the Gcrypt-devel mailing list