ECDSA vs EDDSA
Werner Koch
wk at gnupg.org
Mon Nov 10 17:31:47 CET 2014
On Mon, 10 Nov 2014 15:32, kristian.fiskerstrand at sumptuouscapital.com
said:
> This is not necessarily true if [RFC6979]: "Deterministic Usage of the
> Digital Signature Algorithm (DSA) and Elliptic Curve Digital Signature
> Algorithm (ECDSA)" is used.
Which is used in 2.1:
commit 6466db10fb22a4f24df4edad9c5cb33ec67321bd
Author: Werner Koch <wk at gnupg.org>
Date: Sat Sep 7 10:06:46 2013 +0200

    Switch to deterministic DSA.

    * agent/pksign.c (rfc6979_hash_algo_string): New.
    (do_encode_dsa) [Libgcrypt >= 1.6]: Make use of RFC-6979.
    --

    Now that we have a good (and not NSA/NIST demanded ;-) specification
    on how to use DSA without a random nonce, we take advantage of it and
    thus avoid pitfalls related to a misbehaving RNG during signature
    creation.

    Note that OpenPGP has the option of using a longer hash algorithm but
    truncated to what is suitable for the used DSA key size. The hash
    used as input to RFC-6979 will also be one with an appropriate digest
    length but not a truncated one. This is allowed by RFC-6979.

Shalom-Salam,
Werner
--
Thoughts are free. Exceptions are regulated by a federal law.