Hello,
Attached are example EdDSA public and secret key with malformed MPI.
In secret part and siganature (R and S), it starts by zero octet and it
says it's 256-bit.
With modified GnuPG (which can show malformed MPI representation),
gpg -v --list-packet shows:
==========================
# off=0 ctb=94 tag=5 hlen=2 plen=88
:secret key packet:
version 4, algo 22, created 1541067011, expires 0
pkey[0]: 092B06010401DA470F01 ed25519 (1.3.6.1.4.1.11591.15.1)
pkey[1]:
4000001F8BEA42B3C74C50AA3589B1AA065F196857DB97A75E4A54953F093E6772
skey[2]:
0000000000000000000000000000000000000000000000000000000000000024
checksum: 07b6
keyid: 603315C930792940
# off=90 ctb=b4 tag=13 hlen=2 plen=35
:user ID packet: "ECC Test Key <ecc-test(_at_)example(_dot_)org>"
# off=127 ctb=88 tag=2 hlen=2 plen=148
:signature packet: algo 22, keyid 603315C930792940
version 4, created 1541115112, md5len 0, sigclass 0x13
digest algo 8, begin of digest c0 f0
hashed subpkt 33 len 21 (issuer fpr v4
F2C1264E292A298AEB4BC348603315C930792940)
hashed subpkt 2 len 4 (sig created 2018-11-01)
hashed subpkt 27 len 1 (key flags: 03)
hashed subpkt 11 len 4 (pref-sym-algos: 9 8 7 2)
hashed subpkt 34 len 2 (pref-aead-algos: 2 1)
hashed subpkt 21 len 5 (pref-hash-algos: 10 9 8 11 2)
hashed subpkt 22 len 3 (pref-zip-algos: 2 3 1)
hashed subpkt 30 len 1 (features: 07)
hashed subpkt 23 len 1 (keyserver preferences: 80)
subpkt 16 len 8 (issuer key ID 603315C930792940)
data: 00A594ACA396212AD2800C8ED426449ECABC4B561000E12B96D8EFE3BDBED153
data: 00112F614291A5C8E5548B6CACEBABA1DB95394DAC15461C21EC9AB037A77D07
==========================
In my opinion, those data (secret part, signature) are better to be
defined as non-MPI.
Once, I thought that it is also good for the public part (the point
representation in pkey[1]) to be defined as non-MPI. However, this part
is used for fingerprint computation, so, I realized that changing the
definition is not easy.
--
ecc-test-key-sos-1-pub.asc
Description: application/pgp-keys
ecc-test-key-sos-1-sec.asc
Description: application/pgp-keys
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp