Size for ECC keys have changed from 256 to 255

NIIBE Yutaka gniibe at
Fri Sep 17 08:30:58 CEST 2021

Baptiste Beauplat wrote:
> I noticed that the key size reported by gpg --with-colons for ECC keys
> (ed25519) have changed from 256 to 255.

Thank you for sharing.  I didn't know that it is exposed to users.
(I considered it were (only) internal thing in libgcrypt.) 

> I was wondering if that's a bug, since from what I understand (certainly
> way to little) the public key size of ed25519 is fixed at 256 and the
> value 255 is only used in the prime number calculation (2^255 - 19).
> Note: The changed comes from the following commit in libgcrypt:

Yes, I did it.

Let me explain the reason why I did.

It is certainly a "fix", from the viewpoint of the library.

The field is NBITS, number of bits (of the curve).  This information
(exact number of bits, instead of rounded one to 2^n) is needed.  For
example, in the computation of X25519, it needs to check if there are
more bit(s) in octet.  Besides, for other curves, this field is used in
this semantics (See NIST P-521).

More information about the Gnupg-users mailing list