ietf-openpgp
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [openpgp] EdDSA problem and possible change about ECC

2019-12-02 20:39:58
from [NIIBE Yutaka] [Permanent Link] 
Hello,

Attached are example EdDSA public and secret key with malformed MPI.

In secret part and siganature (R and S), it starts by zero octet and it
says it's 256-bit.

With modified GnuPG (which can show malformed MPI representation),
gpg -v --list-packet shows:

==========================
# off=0 ctb=94 tag=5 hlen=2 plen=88
:secret key packet:
        version 4, algo 22, created 1541067011, expires 0
        pkey[0]: 092B06010401DA470F01 ed25519 (1.3.6.1.4.1.11591.15.1)
        pkey[1]: 
4000001F8BEA42B3C74C50AA3589B1AA065F196857DB97A75E4A54953F093E6772
        skey[2]: 
0000000000000000000000000000000000000000000000000000000000000024
        checksum: 07b6
        keyid: 603315C930792940
# off=90 ctb=b4 tag=13 hlen=2 plen=35
:user ID packet: "ECC Test Key <ecc-test(_at_)example(_dot_)org>"
# off=127 ctb=88 tag=2 hlen=2 plen=148
:signature packet: algo 22, keyid 603315C930792940
        version 4, created 1541115112, md5len 0, sigclass 0x13
        digest algo 8, begin of digest c0 f0
        hashed subpkt 33 len 21 (issuer fpr v4 
F2C1264E292A298AEB4BC348603315C930792940)
        hashed subpkt 2 len 4 (sig created 2018-11-01)
        hashed subpkt 27 len 1 (key flags: 03)
        hashed subpkt 11 len 4 (pref-sym-algos: 9 8 7 2)
        hashed subpkt 34 len 2 (pref-aead-algos: 2 1)
        hashed subpkt 21 len 5 (pref-hash-algos: 10 9 8 11 2)
        hashed subpkt 22 len 3 (pref-zip-algos: 2 3 1)
        hashed subpkt 30 len 1 (features: 07)
        hashed subpkt 23 len 1 (keyserver preferences: 80)
        subpkt 16 len 8 (issuer key ID 603315C930792940)
        data: 00A594ACA396212AD2800C8ED426449ECABC4B561000E12B96D8EFE3BDBED153
        data: 00112F614291A5C8E5548B6CACEBABA1DB95394DAC15461C21EC9AB037A77D07
==========================

In my opinion, those data (secret part, signature) are better to be
defined as non-MPI.

Once, I thought that it is also good for the public part (the point
representation in pkey[1]) to be defined as non-MPI.  However, this part
is used for fingerprint computation, so, I realized that changing the
definition is not easy.

--

Attachment: ecc-test-key-sos-1-pub.asc
Description: application/pgp-keys

Attachment: ecc-test-key-sos-1-sec.asc
Description: application/pgp-keys

_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
  • Re: [openpgp] EdDSA problem and possible change about ECC, NIIBE Yutaka <=
Previous by Date:  Re: [openpgp] Stateless OpenPGP command line interface proposal, Daniel Kahn Gillmor
Next by Date:  Re: [openpgp] Stateless OpenPGP command line interface proposal, Peter Gutmann
Previous by Thread:  Re: [openpgp] Stateless OpenPGP command line interface proposal, iang
Next by Thread:  Re: [openpgp] Dealing with clock skew, Phillip Hallam-Baker
Indexes:  [Date] [Thread] [Top] [All Lists]