Correct method to generate a Curve25519 keypair
arlyon at me.com
Fri Jun 29 05:09:21 CEST 2018
djb-tweak and comp are necessary to generate the key. I have not found out
how to make it work without those flags. In fact, changing comp
(compressed) to nocomp causes the program to crash.
On Thu, Jun 28, 2018, 18:34 Stef Bon <stefbon at gmail.com> wrote:
> On Thu, 28 Jun 2018 at 17:25, Alexander Lyon <arlyon at me.com> wrote:
> > gcry_sexp_build( &sexp_genkey_params, NULL,
> > "(genkey"
> > " (ecc"
> > " (curve \"Curve25519\")"
> > " (flags djb-tweak comp)"
> > " )"
> > ")" );
> I did not know that the curve "Curve25519" is a valid curve,
> I've posted about this earlier.
> > gcry_sexp_extract_param( sexp_Curve25519_pair, NULL, "qd",
> > &mpi_Curve_pub_compressed, &mpi_Curve_priv, NULL );
> Ah gcry_sexp_extract_param does the trick. Good to know.
> The documentation is better with more examples like this.
> > // to decompress, we decode it into a point
> > // then extract the X and discard the rest
> > gcry_mpi_point_t point_Curve_pub = gcry_mpi_point_new( 0 );
> > gcry_ctx_t ctx_curve;
> > gcry_mpi_ec_new( &ctx_curve, NULL, "Curve25519" );
> > gcry_mpi_ec_decode_point( point_Curve_pub, mpi_Curve_pub_compressed,
> > ctx_curve );
> > // we extract x, y and z but only need x because
> > // curve only uses the x coordinate. y and z are discarded.
> > gcry_mpi_t mpi_Curve_pub_y = gcry_mpi_new( 0 );
> > gcry_mpi_t mpi_Curve_pub_z = gcry_mpi_new( 0 );
> > gcry_mpi_point_snatch_get( mpi_Curve_pub, mpi_Curve_pub_y,
> > mpi_Curve_pub_z, point_Curve_pub );
> > gcry_sexp_release( sexp_genkey_params );
> > gcry_sexp_release( sexp_Curve25519_pair );
> > gcry_mpi_release( mpi_Curve_pub_y );
> > gcry_mpi_release( mpi_Curve_pub_z );
> > gcry_mpi_release( mpi_Curve_pub_compressed );
> If it's working, that's good but it looks a bit too much to me. First
> you compress it using the djb-tweak flag, and later
> you have to decompress it. Any other benefit using the djb-tweak
> I do not see. And if not using compression
> you have the public key already available in
> "mpi_Curve_pub_compressed" which should be renamed to
> And then using gcry_mpi_print and reversing the result should be enough.
> Am I overseeing something?
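Added example, not part of the original thread and not libgcrypt code: the "print and reverse" step mentioned above, written as a standalone helper. It assumes the X coordinate was written with gcry_mpi_print in GCRYMPI_FMT_USG (big-endian, leading zero bytes omitted), so the output is padded to the fixed 32-byte little-endian form of RFC 7748; the function name and the sample bytes are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define X25519_KEY_LEN 32

/* Convert a big-endian unsigned integer (assumed to come from
 * gcry_mpi_print with GCRYMPI_FMT_USG, which omits leading zero bytes)
 * into the fixed 32-byte little-endian encoding used for X25519 public
 * keys. A plain byte reversal is wrong whenever the MPI prints shorter
 * than 32 bytes, so the output is zero-padded at the high-order end.
 * Returns 0 on success, -1 if the value does not fit in 32 bytes. */
int x25519_le_from_mpi_be(const unsigned char *be, size_t be_len,
                          unsigned char out[X25519_KEY_LEN])
{
    size_t i;

    /* Tolerate explicit leading zero bytes in the big-endian input. */
    while (be_len > 0 && be[0] == 0) {
        be++;
        be_len--;
    }
    if (be_len > X25519_KEY_LEN)
        return -1;

    memset(out, 0, X25519_KEY_LEN);      /* high-order bytes stay zero */
    for (i = 0; i < be_len; i++)
        out[i] = be[be_len - 1 - i];     /* least significant byte first */
    return 0;
}

int main(void)
{
    /* Constructed sample: a value that prints as only 3 bytes. */
    const unsigned char sample_be[] = { 0x01, 0x02, 0x03 };
    unsigned char wire[X25519_KEY_LEN];
    size_t i;

    if (x25519_le_from_mpi_be(sample_be, sizeof sample_be, wire) != 0)
        return 1;
    for (i = 0; i < X25519_KEY_LEN; i++)
        printf("%02x", wire[i]);
    printf("\n");
    return 0;
}
```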