cv25519 scalar byte order
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Mon Feb 19 17:24:39 CET 2018
On Mon 2018-02-19 15:23:10 +0100, Werner Koch wrote:
> On Wed, 14 Feb 2018 06:13, gniibe at fsij.org said:
>
>> I wonder if we have difference in the interpretation of secret part
>> (skey[3]).
>>
>> In GnuPG, this part is interpreted as standard MPI representation
>> (big-endian).
>>
>> For better interoperability, we could support the prefix 0x40 for this
>> secret part, I suppose.
>
> That would be incorrect. The prefix (e.g. 0x40) indicates a _point_
> format and not the format of a scalar. Thus skey[3] MAY not have this
> prefix.
what does this "MAY NOT" mean? if this is an attempt at RFC 2119
language, i don't understand it. Do you mean "MUST NOT" ?
What steps are needed to clarify the documentation here so that we can
have interoperable implementations?
--dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-devel/attachments/20180219/7a32e00f/attachment.sig>
More information about the Gnupg-devel
mailing list