ECC key format in gpg-agent

NIIBE Yutaka gniibe at
Mon Dec 22 14:11:00 CET 2014


This is a note about current situation of ECC support in GnuPG 2.1.x
(git master).  I don't have patches yet, but just describing issues.

During the development, in the past, we had key format in SEXP of:


but currently, it's like:

	(ecc(flags eddsa)(curve%s)(q%b))
	(ecc(flags param)(p%m)(a%m)(b%m)(g%m)(n%m)(h%m)(q%m))

That is, curves are usually specified by its name.  It can be
specified by its numerical parameters, but in that case, it should
have (flags param) and we now have another parameter h (as cofactor).
It can have (flags eddsa) for EdDSA keys.

Now, the function agent_public_key_from_file in agent/findkey.c
doesn't worked well with curve name, because the function
key_parms_from_sexp in agent/findkey.c only supports old formats.

The constant protect_info in agent/protect.c is for old formats.
Thus, the functions agent_protect and agent_unprotect doesn't work
well with curve name (and optional flags).

More information about the Gnupg-devel mailing list