gpg --export produces invalid EdDSA output - regression

Werner Koch wk at
Fri Sep 15 10:35:29 CEST 2023

On Thu, 14 Sep 2023 16:10, Marek Marczykowski-Górecki said:

> misbehaving implementation, IMO the goal should be to converge at the
> specified behavior. The change we are discussing here "forces" already

The question is just which specification.  GnuPG was the first to
implement ed25519 and then cross-tested this with RNP.  Other
implementions showed up only later and thus need to follow existing
praxis.  That we decided to change our implementations in a
compatible(!)  way had practical reasons for better inperoperability
between other protocols and hardware implementations.  The folks from
the other implementation knew about that (after all they used to be
employed for working GnuPG).

> Well, issue tracker of a specific implementation is not really
> specification that others should follow when implementing an IETF
> standard...

The only specification/standard here is RFC6637 (ECC for OpenPGP) which

   This document only defines the uncompressed point format.  The point
   is encoded in the Multiprecision Integer (MPI) format [RFC4880].  The
   content of the MPI is the following:

      B = 04 || x || y

   This encoding is compatible with the definition given in [SEC1].

   If other conversion methods are defined in the future, a compliant
   application MUST NOT use a new format when in doubt that any
   recipient can support it.  Consider, for example, that while both the
   public key and the per-recipient ECDH data structure, respectively
   defined in Sections 9 and 10, contain an encoded point field, the
   format changes to the field in Section 10 only affect a given
   recipient of a given message.

For ed25519 we needed another conversion methods.



The pioneers of a warless world are the youth that
refuse military service.             - A. Einstein
-------------- next part --------------
A non-text attachment was scrubbed...
Name: openpgp-digital-signature.asc
Type: application/pgp-signature
Size: 247 bytes
Desc: not available
URL: <>

More information about the Gnupg-devel mailing list