Re: [Curdle] FW: New Version Notification for draft-ietf-curdle-pkix-04.txt

Brian Smith <brian@briansmith.org> Wed, 10 May 2017 22:17 UTC

Return-Path: <brian@briansmith.org>
X-Original-To: curdle@ietfa.amsl.com
Delivered-To: curdle@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AFD28129A99 for <curdle@ietfa.amsl.com>; Wed, 10 May 2017 15:17:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=briansmith-org.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ciiw7l6NWW0U for <curdle@ietfa.amsl.com>; Wed, 10 May 2017 15:17:33 -0700 (PDT)
Received: from mail-io0-x22e.google.com (mail-io0-x22e.google.com [IPv6:2607:f8b0:4001:c06::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D00E9129AA0 for <curdle@ietf.org>; Wed, 10 May 2017 15:17:32 -0700 (PDT)
Received: by mail-io0-x22e.google.com with SMTP id f102so10732773ioi.2 for <curdle@ietf.org>; Wed, 10 May 2017 15:17:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=briansmith-org.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=ncMZqUN1+zwPtS6aEnZFchuBvlt5BSpwS8sHk4q1yF8=; b=w7k/sz79DNSinSn4XzUN14+P6Ows8z+yPQybIHGYXEl0l2jzuM6imZMQX0OA7laVop zN6IVB7kLJF8Do34zTLuLZLB++KhpfJxP8XWb4/h+3a2OD+cy50KF31w4m89qIxSxsmr DSogNJb/oMM7pF/YLzqYq/PdoYVczbjh5QVI3/7wFktek5fuXRakS6X/Mcf8QjGjtMjn 7qqiZT2syRKn7Khsv4rTl5lDlAdobjCeZ9DWp/Hsmn9X4amfius+8BESln8DNNSZ98D1 xeQ2azKONBcbtLiy3milkmTWaneTU4c96IuXDEr1WazJKsB0p3EV35LidzTr5SawQPTC Vo8Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=ncMZqUN1+zwPtS6aEnZFchuBvlt5BSpwS8sHk4q1yF8=; b=QlQRu7Hvq2SHccVpO2NgVI2b1reI5fIDz4P4HKFVjGl3EAusKmBTq96oysQP5GL2Rq L7ujCNK17pxHR/LCUmdeloaxaJIzwV+XlOO3+XN4hL6x3MR+We0+BssqWQ4msoRudR0l w93CrIfIYVU+hW1kmO4z657WepNqsxaHyjt6fLQ4JuTJ1XI2PRFLps3q2uqSAwEfGfej n+F1Kd6fv4XYq+bISFsi/FYTW4wAtc2fvkuzq+mXy5LnhPE8XMZ7C80xoDfRxGwcS3im SgQc4FOkhZa0aOebbikLsOq8CTPlyLAwUPA3rzGiGT5jZDxJ09GUFkwFErWc9qIeCLvX PIZQ==
X-Gm-Message-State: AODbwcBmnUX71U0IJKIrnAXI2d+XqRERRpFFPOz6AJi8p+DXZaexuYFj T+J//JOmVaF/q6q2zLNIpMNTBbLX135o
X-Received: by 10.107.52.79 with SMTP id b76mr5762740ioa.150.1494454651812; Wed, 10 May 2017 15:17:31 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.36.77.84 with HTTP; Wed, 10 May 2017 15:17:31 -0700 (PDT)
In-Reply-To: <001c01d2c998$ba1f6f80$2e5e4e80$@augustcellars.com>
References: <149073663013.1172.4888065212435317707.idtracker@ietfa.amsl.com> <051401d2a80b$e9bdea90$bd39bfb0$@augustcellars.com> <CAFewVt6-0WSqmwD7xVvKWDg3P9vNpFZDqB-n61hiU9qQp1c2cw@mail.gmail.com> <006d01d2c194$0e99b280$2bcd1780$@augustcellars.com> <CAFewVt7iuyzY-VkQn7V7PjEOWyk0k7-KLsmpEGjhSdTh7JW2Og@mail.gmail.com> <CAFewVt5v_bqQMo7ZpnnUWa2c41Xy-SkUWw63sh8Yn-UWskKdmw@mail.gmail.com> <CAFewVt4dv0Q2C_N+Cn2or6D+_CdZCDwfoe-g1sOTJqNSJON_nw@mail.gmail.com> <CAFewVt4sJE9+sdPAjtQKL0L+RqkgS9AXaa5ytGOK80Bcgua8sA@mail.gmail.com> <001c01d2c998$ba1f6f80$2e5e4e80$@augustcellars.com>
From: Brian Smith <brian@briansmith.org>
Date: Wed, 10 May 2017 12:17:31 -1000
Message-ID: <CAFewVt4grr3hGxFmN5cEoWLH1W++KNo7ULcD92OkcyDxNYZP3w@mail.gmail.com>
To: Jim Schaad <ietf@augustcellars.com>
Cc: curdle <curdle@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/dBwSUFlbBMLzkdjbid4NJgTSRdY>
Subject: Re: [Curdle] FW: New Version Notification for draft-ietf-curdle-pkix-04.txt
X-BeenThere: curdle@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "List for discussion of potential new security area wg." <curdle.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/curdle>, <mailto:curdle-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/curdle/>
List-Post: <mailto:curdle@ietf.org>
List-Help: <mailto:curdle-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/curdle>, <mailto:curdle-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 10 May 2017 22:17:37 -0000

Here are some test vectors for X25519 private key bit masking, where
each vector is a valid PKCS#8 v2 file. These tests every combination
of high and low bits for an all-ones private key. The masked private
key is the same for each case and thus the public key is the same for
each case. Please incorporate all these into the RFC as test vectors,
in addition to all the ones I previously posted.

Note that the same kind of test cannot be done for Ed25519, because in
Ed25519 PKCS#8 files the private key field is the seed that is hashed
with SHA-512 to get the actual private key scalar; i.e. for Ed25519 it
isn't the PKCS#8 file's privateKey field that gets masked, but rather
an intermediate value.

X25519 with private key high bits 0b00, low bits 0b000.
-----BEGIN PRIVATE KEY-----
MFMCAQEwBQYDK2VuBCIEIPj///////////////////////////////////////8/oS
MDIQCEfA0sN1I082XmYJVRh6NzWg92E9FgnTpqTYxTrqpaIg==
-----END PRIVATE KEY-----

X25519 with private key high bits 0b00, low bits 0b001.
-----BEGIN PRIVATE KEY-----
MFMCAQEwBQYDK2VuBCIEIPn///////////////////////////////////////8/oS
MDIQCEfA0sN1I082XmYJVRh6NzWg92E9FgnTpqTYxTrqpaIg==
-----END PRIVATE KEY-----

X25519 with private key high bits 0b00, low bits 0b010.
-----BEGIN PRIVATE KEY-----
MFMCAQEwBQYDK2VuBCIEIPr///////////////////////////////////////8/oS
MDIQCEfA0sN1I082XmYJVRh6NzWg92E9FgnTpqTYxTrqpaIg==
-----END PRIVATE KEY-----

X25519 with private key high bits 0b00, low bits 0b011.
-----BEGIN PRIVATE KEY-----
MFMCAQEwBQYDK2VuBCIEIPv///////////////////////////////////////8/oS
MDIQCEfA0sN1I082XmYJVRh6NzWg92E9FgnTpqTYxTrqpaIg==
-----END PRIVATE KEY-----

X25519 with private key high bits 0b00, low bits 0b100.
-----BEGIN PRIVATE KEY-----
MFMCAQEwBQYDK2VuBCIEIPz///////////////////////////////////////8/oS
MDIQCEfA0sN1I082XmYJVRh6NzWg92E9FgnTpqTYxTrqpaIg==
-----END PRIVATE KEY-----

X25519 with private key high bits 0b00, low bits 0b101.
-----BEGIN PRIVATE KEY-----
MFMCAQEwBQYDK2VuBCIEIP3///////////////////////////////////////8/oS
MDIQCEfA0sN1I082XmYJVRh6NzWg92E9FgnTpqTYxTrqpaIg==
-----END PRIVATE KEY-----

X25519 with private key high bits 0b00, low bits 0b110.
-----BEGIN PRIVATE KEY-----
MFMCAQEwBQYDK2VuBCIEIP7///////////////////////////////////////8/oS
MDIQCEfA0sN1I082XmYJVRh6NzWg92E9FgnTpqTYxTrqpaIg==
-----END PRIVATE KEY-----

X25519 with private key high bits 0b00, low bits 0b111.
-----BEGIN PRIVATE KEY-----
MFMCAQEwBQYDK2VuBCIEIP////////////////////////////////////////8/oS
MDIQCEfA0sN1I082XmYJVRh6NzWg92E9FgnTpqTYxTrqpaIg==
-----END PRIVATE KEY-----

X25519 with private key high bits 0b01, low bits 0b000.
-----BEGIN PRIVATE KEY-----
MFMCAQEwBQYDK2VuBCIEIPj///////////////////////////////////////9/oS
MDIQCEfA0sN1I082XmYJVRh6NzWg92E9FgnTpqTYxTrqpaIg==
-----END PRIVATE KEY-----

X25519 with private key high bits 0b01, low bits 0b001.
-----BEGIN PRIVATE KEY-----
MFMCAQEwBQYDK2VuBCIEIPn///////////////////////////////////////9/oS
MDIQCEfA0sN1I082XmYJVRh6NzWg92E9FgnTpqTYxTrqpaIg==
-----END PRIVATE KEY-----

X25519 with private key high bits 0b01, low bits 0b010.
-----BEGIN PRIVATE KEY-----
MFMCAQEwBQYDK2VuBCIEIPr///////////////////////////////////////9/oS
MDIQCEfA0sN1I082XmYJVRh6NzWg92E9FgnTpqTYxTrqpaIg==
-----END PRIVATE KEY-----

X25519 with private key high bits 0b01, low bits 0b011.
-----BEGIN PRIVATE KEY-----
MFMCAQEwBQYDK2VuBCIEIPv///////////////////////////////////////9/oS
MDIQCEfA0sN1I082XmYJVRh6NzWg92E9FgnTpqTYxTrqpaIg==
-----END PRIVATE KEY-----

X25519 with private key high bits 0b01, low bits 0b100.
-----BEGIN PRIVATE KEY-----
MFMCAQEwBQYDK2VuBCIEIPz///////////////////////////////////////9/oS
MDIQCEfA0sN1I082XmYJVRh6NzWg92E9FgnTpqTYxTrqpaIg==
-----END PRIVATE KEY-----

X25519 with private key high bits 0b01, low bits 0b101.
-----BEGIN PRIVATE KEY-----
MFMCAQEwBQYDK2VuBCIEIP3///////////////////////////////////////9/oS
MDIQCEfA0sN1I082XmYJVRh6NzWg92E9FgnTpqTYxTrqpaIg==
-----END PRIVATE KEY-----

X25519 with private key high bits 0b01, low bits 0b110.
-----BEGIN PRIVATE KEY-----
MFMCAQEwBQYDK2VuBCIEIP7///////////////////////////////////////9/oS
MDIQCEfA0sN1I082XmYJVRh6NzWg92E9FgnTpqTYxTrqpaIg==
-----END PRIVATE KEY-----

X25519 with private key high bits 0b01, low bits 0b111.
-----BEGIN PRIVATE KEY-----
MFMCAQEwBQYDK2VuBCIEIP////////////////////////////////////////9/oS
MDIQCEfA0sN1I082XmYJVRh6NzWg92E9FgnTpqTYxTrqpaIg==
-----END PRIVATE KEY-----

X25519 with private key high bits 0b10, low bits 0b000.
-----BEGIN PRIVATE KEY-----
MFMCAQEwBQYDK2VuBCIEIPj///////////////////////////////////////+/oS
MDIQCEfA0sN1I082XmYJVRh6NzWg92E9FgnTpqTYxTrqpaIg==
-----END PRIVATE KEY-----

X25519 with private key high bits 0b10, low bits 0b001.
-----BEGIN PRIVATE KEY-----
MFMCAQEwBQYDK2VuBCIEIPn///////////////////////////////////////+/oS
MDIQCEfA0sN1I082XmYJVRh6NzWg92E9FgnTpqTYxTrqpaIg==
-----END PRIVATE KEY-----

X25519 with private key high bits 0b10, low bits 0b010.
-----BEGIN PRIVATE KEY-----
MFMCAQEwBQYDK2VuBCIEIPr///////////////////////////////////////+/oS
MDIQCEfA0sN1I082XmYJVRh6NzWg92E9FgnTpqTYxTrqpaIg==
-----END PRIVATE KEY-----

X25519 with private key high bits 0b10, low bits 0b011.
-----BEGIN PRIVATE KEY-----
MFMCAQEwBQYDK2VuBCIEIPv///////////////////////////////////////+/oS
MDIQCEfA0sN1I082XmYJVRh6NzWg92E9FgnTpqTYxTrqpaIg==
-----END PRIVATE KEY-----

X25519 with private key high bits 0b10, low bits 0b100.
-----BEGIN PRIVATE KEY-----
MFMCAQEwBQYDK2VuBCIEIPz///////////////////////////////////////+/oS
MDIQCEfA0sN1I082XmYJVRh6NzWg92E9FgnTpqTYxTrqpaIg==
-----END PRIVATE KEY-----

X25519 with private key high bits 0b10, low bits 0b101.
-----BEGIN PRIVATE KEY-----
MFMCAQEwBQYDK2VuBCIEIP3///////////////////////////////////////+/oS
MDIQCEfA0sN1I082XmYJVRh6NzWg92E9FgnTpqTYxTrqpaIg==
-----END PRIVATE KEY-----

X25519 with private key high bits 0b10, low bits 0b110.
-----BEGIN PRIVATE KEY-----
MFMCAQEwBQYDK2VuBCIEIP7///////////////////////////////////////+/oS
MDIQCEfA0sN1I082XmYJVRh6NzWg92E9FgnTpqTYxTrqpaIg==
-----END PRIVATE KEY-----

X25519 with private key high bits 0b10, low bits 0b111.
-----BEGIN PRIVATE KEY-----
MFMCAQEwBQYDK2VuBCIEIP////////////////////////////////////////+/oS
MDIQCEfA0sN1I082XmYJVRh6NzWg92E9FgnTpqTYxTrqpaIg==
-----END PRIVATE KEY-----

X25519 with private key high bits 0b11, low bits 0b000.
-----BEGIN PRIVATE KEY-----
MFMCAQEwBQYDK2VuBCIEIPj/////////////////////////////////////////oS
MDIQCEfA0sN1I082XmYJVRh6NzWg92E9FgnTpqTYxTrqpaIg==
-----END PRIVATE KEY-----

X25519 with private key high bits 0b11, low bits 0b001.
-----BEGIN PRIVATE KEY-----
MFMCAQEwBQYDK2VuBCIEIPn/////////////////////////////////////////oS
MDIQCEfA0sN1I082XmYJVRh6NzWg92E9FgnTpqTYxTrqpaIg==
-----END PRIVATE KEY-----

X25519 with private key high bits 0b11, low bits 0b010.
-----BEGIN PRIVATE KEY-----
MFMCAQEwBQYDK2VuBCIEIPr/////////////////////////////////////////oS
MDIQCEfA0sN1I082XmYJVRh6NzWg92E9FgnTpqTYxTrqpaIg==
-----END PRIVATE KEY-----

X25519 with private key high bits 0b11, low bits 0b011.
-----BEGIN PRIVATE KEY-----
MFMCAQEwBQYDK2VuBCIEIPv/////////////////////////////////////////oS
MDIQCEfA0sN1I082XmYJVRh6NzWg92E9FgnTpqTYxTrqpaIg==
-----END PRIVATE KEY-----

X25519 with private key high bits 0b11, low bits 0b100.
-----BEGIN PRIVATE KEY-----
MFMCAQEwBQYDK2VuBCIEIPz/////////////////////////////////////////oS
MDIQCEfA0sN1I082XmYJVRh6NzWg92E9FgnTpqTYxTrqpaIg==
-----END PRIVATE KEY-----

X25519 with private key high bits 0b11, low bits 0b101.
-----BEGIN PRIVATE KEY-----
MFMCAQEwBQYDK2VuBCIEIP3/////////////////////////////////////////oS
MDIQCEfA0sN1I082XmYJVRh6NzWg92E9FgnTpqTYxTrqpaIg==
-----END PRIVATE KEY-----

X25519 with private key high bits 0b11, low bits 0b110.
-----BEGIN PRIVATE KEY-----
MFMCAQEwBQYDK2VuBCIEIP7/////////////////////////////////////////oS
MDIQCEfA0sN1I082XmYJVRh6NzWg92E9FgnTpqTYxTrqpaIg==
-----END PRIVATE KEY-----

X25519 with private key high bits 0b11, low bits 0b111.
-----BEGIN PRIVATE KEY-----
MFMCAQEwBQYDK2VuBCIEIP//////////////////////////////////////////oS
MDIQCEfA0sN1I082XmYJVRh6NzWg92E9FgnTpqTYxTrqpaIg==
-----END PRIVATE KEY-----

Cheers,
Brian

On Wed, May 10, 2017 at 4:21 AM, Jim Schaad <ietf@augustcellars.com> wrote:
> I have not yet gotten to the point of validating the edge cases, although the number seems to be getting to the point of a test suite which I would prefer to handle in a different manner.
>
> I have been reading the curve drafts and looking at my implementation to try and figure out what the rules are and what the implications are relative to what is being asked for.
>
> Public keys - I think that it makes sense to talk about saying that checks needs to be done on public keys.  For the set of checks I can just reference the two drafts, I do not think that I need to re-state them in this draft.
>
> Private keys - There is a slightly interesting trade-off that may need to be considered at this point.  One can either have the keys in the correct format, or one can require that the correct masking be applied during the import step.  The reason for requiring the latter is that it removes some of the fixed structure of the private key.  This has a (very small) advantage as a totally random item is harder to make guesses at.  It is true however that there is other structure in the text that is encrypted so this would be a very small advantage.  When I wrote my code, I did the import and then the masking step as the masking needs to be done in a lot of cases when operations are done.  Do people have opinions on this?
>
> OneAsymmetricKey version numbering - I am looking at putting some guidance text on this into the document.  I will send it out once I am happy with it.
>
> Jim
>
>
>
>
> -----Original Message-----
> From: Brian Smith [mailto:brian@briansmith.org]
> Sent: Tuesday, May 9, 2017 6:32 PM
> To: Jim Schaad <ietf@augustcellars.com>
> Cc: curdle <curdle@ietf.org>
> Subject: Re: [Curdle] FW: New Version Notification for draft-ietf-curdle-pkix-04.txt
>
> Here are some more test vectors for INVALID edge cases of Ed25519 and
> X25519 PKCS#8 v2 keys that I would like to have included in the RFC.
>
> Ed25519 INVALID. The first byte of the public key, zero, is omitted.
> -----BEGIN PRIVATE KEY-----
> MFICAQEwBQYDK2VwBCIEIC3GfeUYbZGTAhwLEE2cbvJL7ivTlcy17VottfN6L8HwoS
> IDIADBfk2Lv/J8H7YYwj/OmIcDx++jzVkKrKwS0/HjyQyM
> -----END PRIVATE KEY-----
>
> Ed25519 INVALID. The last byte of the public key, zero, is omitted.
> -----BEGIN PRIVATE KEY-----
> MFICAQEwBQYDK2VwBCIEILJXn1VaLqvausjUaZexwI/ozmOFjfEk78KcYN+7hsNJoS
> IDIACdQhJwzi/MCGcsQeQnIUh2JFybDxSrZxuLudJmpJLk
> -----END PRIVATE KEY-----
>
> Ed25519 INVALID. The first byte of the private key, zero, is omitted.
> -----BEGIN PRIVATE KEY-----
> MFICAQEwBQYDK2VwBCEEH7GnwgsrTtnHjzaG24L4VHNM3JW+Ud7zBNmODNML9JChIw
> MhAGNFfNTf3Q6YpTeWJlgx1GrGpaaF8qVMlpejiyyADWC6
> -----END PRIVATE KEY-----
>
> Ed25519 INVALID. The last byte of the private key, zero, is omitted.
> -----BEGIN PRIVATE KEY-----
> MFICAQEwBQYDK2VwBCEEH6Iu/bcT8OFgDSpc6UjjIco6GBN8R/FQkaEscSbBdJqhIw
> MhABrrjj7lulr9kRE0ZtGfTqd/oP7/vYxa3LSZkn8SU193
> -----END PRIVATE KEY-----
>
> Ed25519 INVALID. The version is v1 but the publicKey field is included.
> -----BEGIN PRIVATE KEY-----
> MFMCAQAwBQYDK2VwBCIEIKIu/bcT8OFgDSpc6UjjIco6GBN8R/FQkaEscSbBdJoAoS
> MDIQAa644+5bpa/ZERNGbRn06nf6D+/72MWty0mZJ/ElNfdw==
> -----END PRIVATE KEY-----
>
> Ed25519 INVALID. The version is v2 but the publicKey field is missing.
> -----BEGIN PRIVATE KEY-----
> MC4CAQEwBQYDK2VwBCIEIKIu/bcT8OFgDSpc6UjjIco6GBN8R/FQkaEscSbBdJoA
> -----END PRIVATE KEY-----
>
> Ed25519 INVALID. The publicKey field is indicated with [0] instead of [1]; i.e. the attributes are invalid and publicKey is missing.
> -----BEGIN PRIVATE KEY-----
> MFMCAQEwBQYDK2VwBCIEIKIu/bcT8OFgDSpc6UjjIco6GBN8R/FQkaEscSbBdJoAoC
> MDIQAa644+5bpa/ZERNGbRn06nf6D+/72MWty0mZJ/ElNfdw==
> -----END PRIVATE KEY-----
>
> X25519 INVALID. The private key's last byte, zero, is omitted.
> -----BEGIN PRIVATE KEY-----
> MFICAQEwBQYDK2VuBCEEH6Iu/bcT8OFgDSpc6UjjIco6GBN8R/FQkaEscSbBdJqhIw
> MhAOWJcLaHaY9hIDkvGBm2JKcXLJyuxCsL83hbQMYGzChg
> -----END PRIVATE KEY-----
>
> X25519 INVALID. The private key's first byte, zero, is omitted.
> -----BEGIN PRIVATE KEY-----
> MFICAQEwBQYDK2VuBCEEH7GnwgsrTtnHjzaG24L4VHNM3JW+Ud7zBNmODNML9JChIw
> MhANTsroYyWV7Klhb92EAP8ungtlqQxS58Bm7mPT7RjB4H
> -----END PRIVATE KEY-----
>
> X25519 INVALID. The public key's first byte, zero, is omitted.
> -----BEGIN PRIVATE KEY-----
> MFICAQEwBQYDK2VuBCIEILk6+PsBTElrUDbktWya6voRhmEjk7/6kA3NocUxR5yAoS
> IDIAA7eraRAqyFgDnLBqnjanLu6rRLHvnWHAaB5BRwLf8P
> -----END PRIVATE KEY-----
>
> X25519 INVALID. The public key's last byte, zero, is omitted.
> -----BEGIN PRIVATE KEY-----
> MFICAQEwBQYDK2VuBCIEIHLXzckbjCm4crsB85VeSSH7kxonnTnUMO+QfBbe2JVIoS
> IDIACZxD/fCNjPVwXxYAKr8DhD7Vw0q8PrhpvXW5j2krCY
> -----END PRIVATE KEY-----
>
> X25519 INVALID. The version is v1 but it has a publicKey field.
> -----BEGIN PRIVATE KEY-----
> MFMCAQAwBQYDK2VuBCIEIKIu/bcT8OFgDSpc6UjjIco6GBN8R/FQkaEscSbBdJoAoS
> MDIQDliXC2h2mPYSA5LxgZtiSnFyycrsQrC/N4W0DGBswoYA==
> -----END PRIVATE KEY-----
>
> X25519 INVALID. The publicKey field is indicated with [0] instead of [1]; i.e. the attributes are invalid and publicKey is missing.
> -----BEGIN PRIVATE KEY-----
> MFMCAQEwBQYDK2VuBCIEIKIu/bcT8OFgDSpc6UjjIco6GBN8R/FQkaEscSbBdJoAoC
> MDIQDliXC2h2mPYSA5LxgZtiSnFyycrsQrC/N4W0DGBswoYA==
> -----END PRIVATE KEY-----
>
> X25519 INVALID. The version is v2 but there is no publicKey field.
> -----BEGIN PRIVATE KEY-----
> MC4CAQEwBQYDK2VuBCIEIKIu/bcT8OFgDSpc6UjjIco6GBN8R/FQkaEscSbBdJoA
> -----END PRIVATE KEY-----
>
> Cheers,
> Brian
>
> On Sun, May 7, 2017 at 7:39 PM, Brian Smith <brian@briansmith.org> wrote:
>> On Sun, May 7, 2017 at 1:46 PM, Brian Smith <brian@briansmith.org> wrote:
>>> Here are 5 examples of v2 PKCS#8 Ed25519 private keys, with the
>>> public key included, that I'd like to have included in the RFC as
>>> test vectors. The first four examples are valid (I hope!) and 5th
>>> example is invalid.
>>
>> Here are 4 pairs of example X25519 PKCS#8 v2 keys. The first key in
>> each pair has its public key's high bit clear. The second key in each
>> pair is the same except it has its public key's high bit set.
>>
>> The private key ends with a zero byte. The public key's high bit is
>> zero.
>> -----BEGIN PRIVATE KEY-----
>> MFMCAQEwBQYDK2VuBCIEIKIu/bcT8OFgDSpc6UjjIco6GBN8R/FQkaEscSbBdJoAoS
>> MDIQDliXC2h2mPYSA5LxgZtiSnFyycrsQrC/N4W0DGBswoYA==
>> -----END PRIVATE KEY-----
>>
>> The private key is the same as the previous one. The public key is
>> also the same except its high bit is one.
>> -----BEGIN PRIVATE KEY-----
>> MFMCAQEwBQYDK2VuBCIEIKIu/bcT8OFgDSpc6UjjIco6GBN8R/FQkaEscSbBdJoAoS
>> MDIQDliXC2h2mPYSA5LxgZtiSnFyycrsQrC/N4W0DGBswo4A==
>> -----END PRIVATE KEY-----
>>
>> The private key starts with a zero byte. The public key's high bit is
>> zero.
>> -----BEGIN PRIVATE KEY-----
>> MFMCAQEwBQYDK2VuBCIEIACxp8ILK07Zx482htuC+FRzTNyVvlHe8wTZjgzTC/SQoS
>> MDIQDU7K6GMlleypYW/dhAD/Lp4LZakMUufAZu5j0+0YweBw==
>> -----END PRIVATE KEY-----
>>
>> The private key is the same as the previous one. The public key is
>> also the same except its high bit is one.
>> -----BEGIN PRIVATE KEY-----
>> MFMCAQEwBQYDK2VuBCIEIACxp8ILK07Zx482htuC+FRzTNyVvlHe8wTZjgzTC/SQoS
>> MDIQDU7K6GMlleypYW/dhAD/Lp4LZakMUufAZu5j0+0Ywehw==
>> -----END PRIVATE KEY-----
>>
>> The public key starts with a zero byte. The public key's high bit is
>> zero.
>> -----BEGIN PRIVATE KEY-----
>> MFMCAQEwBQYDK2VuBCIEILk6+PsBTElrUDbktWya6voRhmEjk7/6kA3NocUxR5yAoS
>> MDIQAAO3q2kQKshYA5ywap42py7uq0Sx751hwGgeQUcC3/Dw==
>> -----END PRIVATE KEY-----
>>
>> The private key is the same as the previous one. The public key is
>> also the same except its high bit is one.
>> -----BEGIN PRIVATE KEY-----
>> MFMCAQEwBQYDK2VuBCIEILk6+PsBTElrUDbktWya6voRhmEjk7/6kA3NocUxR5yAoS
>> MDIQAAO3q2kQKshYA5ywap42py7uq0Sx751hwGgeQUcC3/jw==
>> -----END PRIVATE KEY-----
>>
>> The public key ends with a zero byte, and thus its high bit is zero.
>> -----BEGIN PRIVATE KEY-----
>> MFMCAQEwBQYDK2VuBCIEIHLXzckbjCm4crsB85VeSSH7kxonnTnUMO+QfBbe2JVIoS
>> MDIQCZxD/fCNjPVwXxYAKr8DhD7Vw0q8PrhpvXW5j2krCYAA==
>> -----END PRIVATE KEY-----
>>
>> The private key is the same as the previous one. The public key is
>> also the same except its high bit is one.
>> -----BEGIN PRIVATE KEY-----
>> MFMCAQEwBQYDK2VuBCIEIHLXzckbjCm4crsB85VeSSH7kxonnTnUMO+QfBbe2JVIoS
>> MDIQCZxD/fCNjPVwXxYAKr8DhD7Vw0q8PrhpvXW5j2krCYgA==
>> -----END PRIVATE KEY-----
>>
>> Cheers,
>> Brian
>> --
>> https://briansmith.org/
>
>
>
> --
> https://briansmith.org/
>



-- 
https://briansmith.org/