Key Derivation API
Dmitry Eremin-Solenikov
dbaryshkov at gmail.com
Tue Jan 14 12:27:46 CET 2014
Hello,
On Tue, Jan 14, 2014 at 12:50 PM, Werner Koch <wk at gnupg.org> wrote:
> On Mon, 13 Jan 2014 23:30, dbaryshkov at gmail.com said:
>
>> I feel a desperate need for the key derivation API not limited to plain
>> ECDH.
>
> Can you explain what you want to do with it? Do you want to create an
> ephemeral key from a long term ECC key? That can easily be done using
> the context based ECC API. Sure that is somewhat low-level but it is
> quite flexible and probably the best way until common usage patterns are
> established.
I need to create shared key material, but using special scheme defined
in rfc4357 [1] for GOST R 34.10-2001 (and currently being extended
to GOST R 34.10-2012 by using Stribog instead of old GOST R 34.11-94
hashing).
Basically it is ECDH, but with an additional salt (called UKM) being used:
shared = hash( (UKM * d) (mod p) x Q )
where p is (sub-)group size, d is my private key, Q is 'their' public key and
UKM is a salt/nonce/whatever.
[1] https://tools.ietf.org/html/rfc4357
--
With best wishes
Dmitry
More information about the Gcrypt-devel
mailing list