Moving forward with Curve25519 (was: [PATCH] Curve25519 patch revised)
NIIBE Yutaka
gniibe at fsij.org
Wed Aug 6 11:20:16 CEST 2014
On 2014-08-05 at 13:01 +0200, Werner Koch wrote:
> I would suggest to use
>
> 41 || X
>
> and we are done. Simon's draft-josefsson-tls-curve25519-05 for TLS does
> the same.
Please clarify: X in MPI?
In draft-josefsson-tls-curve25519-05, it seems that it's in original
format (little endian).
> 0x41 is not used by SEC1 but it is quite similar to it. A nice property
> of the prefix bytes is that they avoid misintrepretation as a negative
> value and are thus compatible to OpenPGP MPIs. Thus my suggestion is to
> define these prefix bytes:
>
> 40 := Native point format of the curve follows
> 41 := Only X coordinate follows.
> 42 := Only Y coordinate follows.
>
> In GnuPG master (and libgcrypt 1.7) 0x40 is already supported for
> Ed25519 keys. I also working on an I-D for EdDSA (ed25519) support in
> OpenPGP to get an algorithm id assigned.
And prefix 0x40 for Curve25519 ECDH is in original format?
--
More information about the Gcrypt-devel
mailing list