Correct method to generate a Curve25519 keypair

Alexander Lyon arlyon at me.com
Fri Jun 29 05:09:21 CEST 2018


djb-tweak and comp are necessary to generate the key. I have not found out
how to make it work without those flags. In fact, changing comp
(compressed) to nocomp causes the program to crash.

On Thu, Jun 28, 2018, 18:34 Stef Bon <stefbon at gmail.com> wrote:

> On Thu, Jun 28, 2018 at 17:25, Alexander Lyon <arlyon at me.com> wrote:
> >
> > gcry_sexp_build( &sexp_genkey_params, NULL,
> >                  "(genkey"
> >                  "    (ecc"
> >                  "        (curve \"Curve25519\")"
> >                  "        (flags djb-tweak comp)"
> >                  "    )"
> >                  ")" );
> >
>
> I did not know that the curve "Curve25519" is a valid curve,
> I've posted about this earlier.
>
> > gcry_sexp_extract_param( sexp_Curve25519_pair, NULL, "qd",
> >                          &mpi_Curve_pub_compressed, &mpi_Curve_priv, NULL );
> >
> Ah gcry_sexp_extract_param does the trick. Good to know.
> The documentation is better with more examples like this.
>
> > // to decompress, we decode it into a point
> > // then extract the X and discard the rest
> > gcry_mpi_point_t point_Curve_pub = gcry_mpi_point_new( 0 );
> > gcry_ctx_t ctx_curve;
> > gcry_mpi_ec_new( &ctx_curve, NULL, "Curve25519" );
> > gcry_mpi_ec_decode_point( point_Curve_pub, mpi_Curve_pub_compressed, ctx_curve );
> >
> > // we extract x, y and z but only need x because
> > // curve only uses the x coordinate. y and z are discarded.
> > gcry_mpi_t mpi_Curve_pub_y = gcry_mpi_new( 0 );
> > gcry_mpi_t mpi_Curve_pub_z = gcry_mpi_new( 0 );
> >
> > gcry_mpi_point_snatch_get( mpi_Curve_pub, mpi_Curve_pub_y, mpi_Curve_pub_z, point_Curve_pub );
> >
> > gcry_sexp_release( sexp_genkey_params );
> > gcry_sexp_release( sexp_Curve25519_pair );
> > gcry_mpi_release( mpi_Curve_pub_y );
> > gcry_mpi_release( mpi_Curve_pub_z );
> > gcry_mpi_release( mpi_Curve_pub_compressed );
>
> If it's working, that's good, but it looks a bit too much to me. First
> you compress it using the djb-tweak flag, and later
> you have to decompress it. Any other benefit using the djb-tweak
> I do not see. And if not using compression
> you have the public key already available in
> "mpi_Curve_pub_compressed" which should be renamed to
> mpi_Curve_pub_notcompressed.
> And then using gcry_mpi_print and reversing the result should be enough.
>
> Am I overseeing something?
>
> Stef
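
Added example, not part of the original thread and not libgcrypt code: the "gcry_mpi_print and reverse" step discussed above as a stand-alone C helper, covering the case where the printed value is shorter than 32 bytes. It assumes the X coordinate was written in GCRYMPI_FMT_USG form (big-endian, leading zero bytes dropped) and that the target is the fixed 32-byte little-endian encoding of RFC 7748; the function name `x25519_le_from_be` and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define X25519_KEY_LEN 32

/*
 * Hypothetical helper: turn a big-endian unsigned integer, as an MPI
 * "print" in unsigned format produces it, into the fixed-width 32-byte
 * little-endian form. The big-endian form has no leading zero bytes,
 * so roughly 1 key in 256 comes out shorter than 32 bytes; a plain
 * in-place reversal would then place the value at the wrong end.
 * Returns 0 on success, -1 on bad arguments or a value wider than 32 bytes.
 */
int x25519_le_from_be(const unsigned char *be, size_t be_len,
                      unsigned char out[X25519_KEY_LEN])
{
    size_t i;

    if (out == NULL || (be == NULL && be_len != 0))
        return -1;

    /* Accept zero-padded input too: drop leading zero bytes first. */
    while (be_len > 0 && be[0] == 0) {
        be++;
        be_len--;
    }
    if (be_len > X25519_KEY_LEN)
        return -1;

    /* High-order bytes sit at the end in little-endian, so zero-fill them. */
    memset(out, 0, X25519_KEY_LEN);
    for (i = 0; i < be_len; i++)
        out[i] = be[be_len - 1 - i];
    return 0;
}

int main(void)
{
    /* Constructed sample: a 3-byte big-endian value, not a real key. */
    const unsigned char sample[] = { 0x01, 0x02, 0x03 };
    unsigned char le[X25519_KEY_LEN];
    size_t i;

    if (x25519_le_from_be(sample, sizeof sample, le) != 0)
        return 1;
    for (i = 0; i < X25519_KEY_LEN; i++)
        printf("%02x", le[i]);
    putchar('\n');
    return 0;
}
```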