Re: [openpgp] Curve25519/ECDH
Clint Adams <clint@debian.org> Sun, 27 August 2017 22:29 UTC
Return-Path: <clint@debian.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 79EA51321C9 for <openpgp@ietfa.amsl.com>; Sun, 27 Aug 2017 15:29:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iwCwRcCs1wYZ for <openpgp@ietfa.amsl.com>; Sun, 27 Aug 2017 15:29:48 -0700 (PDT)
Received: from thumb.scru.org (thumb.scru.org [IPv6:2600:3c00::f03c:91ff:fe96:c8b9]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D4D78132192 for <openpgp@ietf.org>; Sun, 27 Aug 2017 15:29:48 -0700 (PDT)
Received: by thumb.scru.org (Postfix, from userid 1000) id 9BB006255F; Sun, 27 Aug 2017 22:29:46 +0000 (UTC)
Date: Sun, 27 Aug 2017 22:29:46 +0000
From: Clint Adams <clint@debian.org>
To: openpgp@ietf.org
Message-ID: <20170827222946.xnrkx4sdtitefwoc@scru.org>
References: <20170811201011.2fynredjcllcgz2f@scru.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <20170811201011.2fynredjcllcgz2f@scru.org>
User-Agent: NeoMutt/20170113 (1.7.2)
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/bTEhCsMmGyWnqDJUNrkw8_nokQ0>
Subject: Re: [openpgp] Curve25519/ECDH
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 27 Aug 2017 22:29:50 -0000
On Fri, Aug 11, 2017 at 08:10:11PM +0000, Clint Adams wrote: > After speaking with NIIBE-san this morning, I think there could be some > more clarity with regard to how Curve25519 keys are meant to be > public-key algorithm 18. > > To that end I've submitted https://gitlab.com/openpgp-wg/rfc4880bis/merge_requests/5 Per request, into the list archive: While Ed25519 gets its own packet tag, Curve25519 keys are treated the same as ECDH (by design and by the GnuPG implementation). --- middle.mkd | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/middle.mkd b/middle.mkd index ec864c4..2615cf4 100644 --- a/middle.mkd +++ b/middle.mkd @@ -3735,8 +3735,8 @@ found in [](#KOBLITZ). This document references five named prime field curves, defined in [](#FIPS186) as "Curve P-256", "Curve P-384", and "Curve P-521"; and defined in [](#RFC5639) as "brainpoolP256r1", and "brainpoolP512r1". -Further curve "Ed25519", defined in [](#I-D.irtf-cfrg-eddsa) is -referenced for use with the EdDSA algorithm. +Further curve "Curve25519", defined in [](#RFC7748) is referenced +for use with Ed25519 (EdDSA signing) and X25519 (encryption). The named curves are referenced as a sequence of bytes in this document, called throughout, curve OID. [](#ecc-curve-oid) describes @@ -3756,7 +3756,8 @@ size. The adjusted underlying field size is the underlying field size that is rounded up to the nearest 8-bit boundary. Therefore, the exact size of the MPI payload is 515 bits for "Curve -P-256", 771 for "Curve P-384", and 1059 for "Curve P-521". +P-256", 771 for "Curve P-384", 1059 for "Curve P-521", and ???{FIXME} +for Curve25519. Even though the zero point, also called the point at infinity, may occur as a result of arithmetic operations on points of an elliptic @@ -3867,7 +3868,8 @@ definition of the OtherInfo bitstring [](#SP800-56A): fingerprint are used. The size of the KDF parameters sequence, defined above, is either 54 -for the NIST curve P-256 or 51 for the curves P-384 and P-521. +for the NIST curve P-256, 51 for the curves P-384 and P-521, or +???{FIXME} for Curve25519. The key wrapping method is described in [](#RFC3394). KDF produces a symmetric key that is used as a key-encryption key (KEK) as specified -- 2.14.1
- [openpgp] Curve25519/ECDH Clint Adams
- Re: [openpgp] Curve25519/ECDH Clint Adams
- Re: [openpgp] Curve25519/ECDH Werner Koch