Correct method to generate a Curve25519 keypair

Stef Bon stefbon at
Thu Jun 28 17:11:49 CEST 2018

Op do 28 jun. 2018 om 15:57 schreef Alexander Lyon <arlyon at>:
> A little late, but as a follow up to this, I managed to find the solution. The generated keys are valid but Curve25519 is little-endian and printing it to a buffer is big-endian so the hex dumped by gcry_mpi_dump is in reverse. It was as easy as reversing the buffer when appropriate. This allowed me to extract the public key binary.

Ok, that explains the remark in "curve25519-sha256 at 4.3
Shared secret generation ":
"This conversion follows the network byte order."

Thanks for sharing this. You're helping me with implementing it in my
Some questions: the public key is shared with the other side. This is
for ecc/ed25519 available in the s-exp created by genkey as "q-value".
How did you extract
this "q-value"?

You're using gcry_mpi_dump. Does this the right tool for this?
Comments in the documentation say that
"Dump the value of a in a format suitable for debugging to Libgcrypt’s
logging stream."


More information about the Gcrypt-devel mailing list