ietf-openpgp
[Top] [All Lists]

Re: [openpgp] Curve25519/ECDH

2017-08-27 17:29:58
On Fri, Aug 11, 2017 at 08:10:11PM +0000, Clint Adams wrote:
After speaking with NIIBE-san this morning, I think there could be some
more clarity with regard to how Curve25519 keys are meant to be
public-key algorithm 18.

To that end I've submitted 
https://gitlab.com/openpgp-wg/rfc4880bis/merge_requests/5

Per request, into the list archive:


While Ed25519 gets its own packet tag, Curve25519 keys are treated
the same as ECDH (by design and by the GnuPG implementation).
---
 middle.mkd | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/middle.mkd b/middle.mkd
index ec864c4..2615cf4 100644
--- a/middle.mkd
+++ b/middle.mkd
@@ -3735,8 +3735,8 @@ found in [](#KOBLITZ).
 This document references five named prime field curves, defined in
 [](#FIPS186) as "Curve P-256", "Curve P-384", and "Curve P-521"; and
 defined in [](#RFC5639) as "brainpoolP256r1", and "brainpoolP512r1".
-Further curve "Ed25519", defined in [](#I-D.irtf-cfrg-eddsa) is
-referenced for use with the EdDSA algorithm.
+Further curve "Curve25519", defined in [](#RFC7748) is referenced
+for use with Ed25519 (EdDSA signing) and X25519 (encryption).
 
 The named curves are referenced as a sequence of bytes in this
 document, called throughout, curve OID.  [](#ecc-curve-oid) describes
@@ -3756,7 +3756,8 @@ size.  The adjusted underlying field size is the 
underlying field size
 that is rounded up to the nearest 8-bit boundary.
 
 Therefore, the exact size of the MPI payload is 515 bits for "Curve
-P-256", 771 for "Curve P-384", and 1059 for "Curve P-521".
+P-256", 771 for "Curve P-384", 1059 for "Curve P-521", and ???{FIXME}
+for Curve25519.
 
 Even though the zero point, also called the point at infinity, may
 occur as a result of arithmetic operations on points of an elliptic
@@ -3867,7 +3868,8 @@ definition of the OtherInfo bitstring [](#SP800-56A):
     fingerprint are used.
 
 The size of the KDF parameters sequence, defined above, is either 54
-for the NIST curve P-256 or 51 for the curves P-384 and P-521.
+for the NIST curve P-256, 51 for the curves P-384 and P-521, or
+???{FIXME} for Curve25519.
 
 The key wrapping method is described in [](#RFC3394).  KDF produces a
 symmetric key that is used as a key-encryption key (KEK) as specified
-- 
2.14.1

_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp

<Prev in Thread] Current Thread [Next in Thread>