cv25519 scalar byte order

NIIBE Yutaka gniibe at
Wed Feb 14 06:13:32 CET 2018


Here is an example packet of secret key as an output of GnuPG's

# off=267 ctb=9c tag=7 hlen=2 plen=93
:secret sub key packet:
	version 4, algo 18, created 1518583322, expires 0
	pkey[0]: 0A2B060104019755010501 cv25519 (
	pkey[1]: 40FD57ED7E6D3490F0BFB4995F281A53648842CDB84DEBA6726DF5BA1994968D23
	pkey[2]: 03010807
	skey[3]: 5669627AB7427CE223BD94101603978F3F4599AE1A007087A0B3DBBFB67D3278
	checksum: 0f5a
	keyid: 55C6A075A3C82F68

I wonder if we have difference in the interpretation of secret part

In GnuPG, this part is interpreted as standard MPI representation

For better interoperability, we could support the prefix 0x40 for this
secret part, I suppose.

More information about the Gnupg-devel mailing list