Size for ECC keys have changed from 256 to 255

Baptiste Beauplat lyknode at
Thu Sep 23 20:17:00 CEST 2021

Hi Yutaka,

On 2021/09/17 03:30 PM, NIIBE Yutaka wrote:
> Baptiste Beauplat wrote:
> > I noticed that the key size reported by gpg --with-colons for ECC keys
> > (ed25519) have changed from 256 to 255.
> Thank you for sharing.  I didn't know that it is exposed to users.
> (I considered it were (only) internal thing in libgcrypt.) 
> > I was wondering if that's a bug, since from what I understand (certainly
> > way to little) the public key size of ed25519 is fixed at 256 and the
> > value 255 is only used in the prime number calculation (2^255 - 19).
> >
> > Note: The changed comes from the following commit in libgcrypt:
> >
> >
> Yes, I did it.
> Let me explain the reason why I did.
> It is certainly a "fix", from the viewpoint of the library.
> The field is NBITS, number of bits (of the curve).  This information
> (exact number of bits, instead of rounded one to 2^n) is needed.  For
> example, in the computation of X25519, it needs to check if there are
> more bit(s) in octet.  Besides, for other curves, this field is used in
> this semantics (See NIST P-521).

Thank you for clarifying this.

If I understood correctly, my problem comes from the fact that the size
of the public key isn't strictly equal to NBITS however that's the
value used in the frontend part.

In that case, I'll open a bug against gnupg itself.

Baptiste Beauplat - lyknode
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL: <>

More information about the Gnupg-users mailing list