ECDSA vs EDDSA
Werner Koch
wk at gnupg.org
Wed Nov 12 15:12:14 CET 2014
On Wed, 12 Nov 2014 14:28, peter at digitalbrains.com said:
> After browsing a bit in the source, I conclude that RFC 6979 is used for
> both classic DSA and ECDSA; something not immediately apparent from the
> commit message when you don't know the code.
Right. And actually it can also be used for 2.0. This requires a
runtime check for the libgcrypt version and to add the rfc6979 flag for
libgcrypt 1.6.  In 2.0 we use this in g10/pkglue.c:

  if (gcry_sexp_build (&s_hash, NULL, "%m", hash))
    BUG (); /* gcry_sexp_build should never fail. */

it needs to be replaced with something like

  if (gcry_check_version ("1.6.0"))
    {
      err = gcry_sexp_build (&s_hash, NULL,
                             "(data (flags rfc6979) (hash %s %b))",
                             rfc6979_hash_algo_string (mdlen),
                             (int)mdlen, md);
    }
  else
    err = gcry_sexp_build (&s_hash, NULL, "%m", hash);

but the callers of that pk_sign function need to provide the hash
algorithm as well.  Thus more than a few lines need to be changed.  It
would be useful to have this for plain DSA, though.
Shalom-Salam,
Werner
--
Thoughts are free.  Exceptions are regulated by a federal law.