Correct method to generate a Curve25519 keypair
Stef Bon
stefbon at gmail.com
Thu Jun 28 19:30:57 CEST 2018
On Thu 28 Jun 2018 at 17:25, Alexander Lyon <arlyon at me.com> wrote:
>
> gcry_sexp_build( &sexp_genkey_params, NULL,
> "(genkey"
> " (ecc"
> " (curve \"Curve25519\")"
> " (flags djb-tweak comp)"
> " )"
> ")" );
>
I did not know that the curve "Curve25519" is a valid curve,
I've posted about this earlier.
> gcry_sexp_extract_param( sexp_Curve25519_pair, NULL, "qd",
> &mpi_Curve_pub_compressed, &mpi_Curve_priv, NULL );
>
Ah gcry_sexp_extract_param does the trick. Good to know.
The documentation is better with more examples like this.
> // to decompress, we decode it into a point
> // then extract the X and discard the rest
> gcry_mpi_point_t point_Curve_pub = gcry_mpi_point_new( 0 );
> gcry_ctx_t ctx_curve;
> gcry_mpi_ec_new( &ctx_curve, NULL, "Curve25519" );
> gcry_mpi_ec_decode_point( point_Curve_pub, mpi_Curve_pub_compressed, ctx_curve );
>
> // we extract x, y and z but only need x because
> // curve only uses the x coordinate. y and z are discarded.
> gcry_mpi_t mpi_Curve_pub_y = gcry_mpi_new( 0 );
> gcry_mpi_t mpi_Curve_pub_z = gcry_mpi_new( 0 );
>
> gcry_mpi_point_snatch_get( mpi_Curve_pub, mpi_Curve_pub_y, mpi_Curve_pub_z, point_Curve_pub );
>
> gcry_sexp_release( sexp_genkey_params );
> gcry_sexp_release( sexp_Curve25519_pair );
> gcry_mpi_release( mpi_Curve_pub_y );
> gcry_mpi_release( mpi_Curve_pub_z );
> gcry_mpi_release( mpi_Curve_pub_compressed );
If it's working, that's good, but it looks a bit too much to me. First
you compress it using the djb-tweak flag, and later
you have to decompress it. Any other benefit of using the djb-tweak
I do not see. And if not using compression
you have the public key already available in
"mpi_Curve_pub_compressed" which should be renamed to
mpi_Curve_pub_notcompressed.
And then using gcry_mpi_print and reversing the result should be enough.
Am I overlooking something?
Stef
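
Added example, not part of the original message and not libgcrypt code: the "print and reverse" step discussed above, with the padding it needs. gcry_mpi_print() with GCRYMPI_FMT_USG writes a big-endian value without leading zero bytes, while RFC 7748 expects a fixed 32-byte little-endian u-coordinate, so a short value must be zero-filled at the high end. The function name mpi_be_to_x25519 and the sample bytes are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define X25519_KEY_LEN 32

/*
 * Convert a big-endian, minimal-length unsigned integer (the form
 * gcry_mpi_print() writes with GCRYMPI_FMT_USG) into the fixed 32-byte
 * little-endian encoding RFC 7748 uses for a Curve25519 u-coordinate.
 * Returns 0 on success, -1 if the value is wider than 256 bits.
 * (Hypothetical helper, not a libgcrypt function.)
 */
int mpi_be_to_x25519(const uint8_t *be, size_t be_len,
                     uint8_t out[X25519_KEY_LEN])
{
    /* Drop leading zero bytes so only the magnitude is measured. */
    while (be_len > 0 && be[0] == 0) {
        be++;
        be_len--;
    }
    if (be_len > X25519_KEY_LEN)
        return -1;

    /* Zero-fill first: in little-endian order the missing high-order
     * bytes sit at the END of the buffer, not the start. */
    memset(out, 0, X25519_KEY_LEN);
    for (size_t i = 0; i < be_len; i++)
        out[i] = be[be_len - 1 - i];
    return 0;
}

int main(void)
{
    /* Constructed sample: a 31-byte value, as printed when the top
     * byte of the coordinate happens to be zero. */
    uint8_t be[31], out[X25519_KEY_LEN];
    for (size_t i = 0; i < sizeof be; i++)
        be[i] = (uint8_t)(i + 1);

    if (mpi_be_to_x25519(be, sizeof be, out) != 0)
        return 1;
    for (size_t i = 0; i < sizeof out; i++)
        printf("%02x", out[i]);
    putchar('\n');
    return 0;
}
```

Reversing the printed bytes without this padding yields a key that is one or more bytes short whenever the coordinate has leading zero bytes, so the failure only shows up for a fraction of generated keys.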