[gnutls-help] ED25519 status in GnuTLS

Nikos Mavrogiannopoulos n.mavrogiannopoulos at gmail.com
Sun Nov 13 15:51:17 CET 2016

On Sun, 2016-11-13 at 07:20 +0100, Ondřej Surý wrote:
> Nikos,
> what's the current status of  EdDSAS (Ed25519 and possibly Ed448) in
> GnuTLS?
> draft-irtf-cfrg-eddsa is in RFC Editor queue, that means only
> editorial
> changes
> are going to happen there.
> We are using:
> gnutls_pubkey_get_pk_ecc_raw
> gnutls_pubkey_import_ecc_raw
> gnutls_pubkey_get_pk_rsa_raw
> gnutls_pubkey_import_rsa_raw
> and I would love to have the EdDSA equivalents instead of going down
> for Nettle. (and for DNSSEC we need the Pure variants).

There is some testing code for EdDSA (non-pure variant) on a gitlab
branch. It would most likely need some refresh, however, I haven't
checked how and if the last version changed. The pure variant will need
quite more changes since it cannot be used with
gnutls_privkey_sign_hash(), but only with gnutls_privkey_sign_data()
and we have to introduce this distinction internally.

My plan is to introduce that feature on the next to 3.5.x branch once
3.5.x replaces the stable branch (around march).


More information about the Gnutls-help mailing list