Re: [Curdle] Key examples in draft-ietf-curdle-pkix-03

[Jim Schaad <ietf@augustcellars.com>]

I believe that the OpenSSL people would be sad if we changed this at this time.  I did some interop testing with their developers before the last version was released and the OCTET STRING wrapper on the private key is what we were doing at the time.

Jim

From: Curdle [mailto:curdle-bounces@ietf.org] On Behalf Of David Benjamin
Sent: Wednesday, December 14, 2016 5:23 AM
To: Ilari Liusvaara <ilariliusvaara@welho.com>; str4d <str4d@i2pmail.org>
Cc: curdle@ietf.org
Subject: Re: [Curdle] Key examples in draft-ietf-curdle-pkix-03

On Wed, Dec 14, 2016 at 7:15 AM Ilari Liusvaara <mailto:ilariliusvaara@welho.com> wrote:
On Wed, Dec 14, 2016 at 10:54:34AM +0000, str4d wrote:
> Hello,
>
> I am currently updating my EdDSA Java library to implement the current
> spec for key encoding [0] (previously I used
> draft-josefsson-pkix-eddsa-04 for public keys, and the equivalent in
> PKCS#8 format for private keys). The example public key given in
> draft-ietf-curdle-pkix-03 [1] passes my tests, however the example
> private key [2] does not.
>
> It appears that the private key material within the example is 34 bytes,
> but according to Section 3.2 of draft-irtf-cfrg-eddsa-08 [3] (which
> AFAICT the present draft defers to for encoding), the private key is the
> b-bit seed k, which is 32 bytes.
>
> Am I missing something? If the example keys in the present draft are
> correct, it would be helpful to add a reference that clarifies their
> exact encoding.

Apparently the key is wrapped in OCTET STRING twice for some reason,
so the length is actually 32 bytes (the first 2 are second OCTET STRING
header).

Is it too late to change that / was there any particular reason for this? Not that saving or using two bytes really matters, but it seems unnecessary when we already have an OCTET-STRING-shaped hole to put our octet string in.



David