consistent pcp/pbp formats (was: Curve p25519 Replacements for GnuPG?(x2 now) ..)

Thomas von Dein tom at vondein.org
Tue Jan 14 03:16:53 PST 2014


> consistent key formats are critical

more than fine with me.

> need to converge on:
> - endianness

I'm currently using big endian for multibyte values wherever they
appear. It's already verified to work on little and big endian platforms
(e.g. tested on aix/ppc).

> - coordinate representation x, x&y, x and sign ...
> or bits to show which of these ... perhaps borrow ANSI method

Could you please explain this further?

> - hint / indication of cipher suite / curve 

In pcp there's already such a hint included in exported keys, however
I'm not using it, since there's no choice of different curves in
libsodium so far. But it's on the list.

> - text encoding of binary format (ascii)

As already stated in the other subthread, I use Z85, while stef is using
base85. Since Z85 is a subset of base85, I'm pretty sure we can agree on
something.

> - human readable format

There's a human readable version of keys in pcp, but the tool itself
doesn't use it (example attached). It uses the z85 encoded binary part
of such a file.

pcp has some more fields stored in a key than pbp:

- a key id (e.g. 0x54E9C62E1852EBC5) which is required to identify a key
- some text fields (owner, mail)
- a serial number
- key format version number

I'm not sure how stef solved the ed25519 issue (you can't use a
curve25519 secret key to create an ed25519 signature directly). After
some discussion on the libsodium mailing list we came up with this:

When the user generates a new key, the ed25519 secret key will be
generated first. The curve25519 secret will be derived from that, since
the ed25519 already contains a usable curve25519 key. In pcp I store
both of them for easier access, so the ed25519 and curve25519 secret and
public keys are stored, the secret keys are encrypted and I store the
nonce as well (see include/pcp/key.h).

Speaking of key encryption: @stef: according to your docs you're already
using scrypt() for key derivation. I'd like to use that as well, but
it's not part of libsodium (afaik), so I use my own method for this until
scrypt() is implemented in libsodium. That's because I want to avoid
writing crypto code myself.

Maybe we should iron out the details off-list?



best,
Tom

-- 
    PGP Key: https://www.daemon.de/txt/tom-pgp-pubkey.txt
S/Mime Cert: https://www.daemon.de/txt/tom-smime-cert.pem
 Bitmessage: BM-2DAcYUx3xByfwbx2bYYxeXgq3zDscez8wC


-------------- next part --------------
----- BEGIN PCP PUBLIC KEY -----
  Generated by: Pretty Curved Privacy Version 0.1.5
        Cipher: CURVE25519-ED25519-SALSA20-POLY1305
         Owner: Alicia
          Mail: alicia at local
        Key-ID: 0x518602BB8F2D8C7F
    Public-Key: 1eRhFt(S$Aj[MWvNqYUgL(Mfpe86usIa9bvMwFc/7YTKo
 Creation Time: 2013-11-24T19:38:59
      Checksum: 12:FE:CA:AD:09:3E:9F:2D:3D:3A:E8:8C:86:D5:75:58
                C3:9C:5C:51:96:F7:1E:FA:0F:6D:75:1C:20:87:53:2D
 Serial Number: 0x49B690C5
   Key Version: 0x00000004
 Random Art ID: +----------------+
                |        .       |
                |     . . .      |
                |      o   o     |
                |     .   + .   .|
                |      . =   . +o|
                |       . .   o +|
                |              . |
                |                |
                +----------------+

------ END PCP PUBLICKEY ------
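
The Ed25519-to-Curve25519 relationship described in the message above, worked through as an added example; it is not part of the original post and is not pcp or libsodium code. It assumes the standard mapping (SHA-512 of the Ed25519 seed, clamped, serves as the X25519 scalar, and the public key maps via u = (1+y)/(1-y)), which may differ from what pcp stores; all function names are hypothetical.

```python
import hashlib

# Illustration only: variable-time big-integer math, not for real keys.
P = 2**255 - 19                              # field prime
D = -121665 * pow(121666, P - 2, P) % P      # Edwards curve constant d
def inv(x):
    return pow(x % P, P - 2, P)

def ed_add(p, q):                            # complete affine Edwards addition
    (x1, y1), (x2, y2) = p, q
    t = D * x1 * x2 * y1 * y2 % P
    return ((x1*y2 + x2*y1) * inv(1 + t) % P, (y1*y2 + x1*x2) * inv(1 - t) % P)

def ed_base():                               # Ed25519 base point: y = 4/5, x even
    y = 4 * inv(5) % P
    xx = (y*y - 1) * inv(D*y*y + 1) % P
    x = pow(xx, (P + 3) // 8, P)
    if x * x % P != xx:
        x = x * pow(2, (P - 1) // 4, P) % P
    return (P - x if x & 1 else x, y)

def ed_public(a):                            # A = a*B, double-and-add
    r, p = (0, 1), ed_base()
    while a:
        if a & 1:
            r = ed_add(r, p)
        p, a = ed_add(p, p), a >> 1
    return r

def ed_to_curve_u(point):                    # birational map u = (1+y)/(1-y)
    return (1 + point[1]) * inv(1 - point[1]) % P

def clamped_scalar(seed):                    # scalar shared by Ed25519 and X25519
    h = bytearray(hashlib.sha512(seed).digest()[:32])
    h[0] &= 248; h[31] &= 127; h[31] |= 64
    return int.from_bytes(h, "little")

def x25519(k, u):                            # RFC 7748 Montgomery ladder
    x2, z2, x3, z3, swap = 1, 0, u, 1, 0
    for t in reversed(range(255)):
        bit = (k >> t) & 1
        if swap ^ bit:
            x2, z2, x3, z3 = x3, z3, x2, z2
        swap = bit
        a, b, c, d = x2 + z2, x2 - z2, x3 + z3, x3 - z3
        aa, bb, da, cb = a*a % P, b*b % P, d*a, c*b
        x3, z3 = (da + cb)**2 % P, u * (da - cb)**2 % P
        x2, z2 = aa * bb % P, (aa - bb) * (aa + 121665 * (aa - bb)) % P
    return (x3 * inv(z3) if swap else x2 * inv(z2)) % P
```

Because the two public keys are linked by a public map, a format that stores both pairs carries no more secret material than one that stores only the Ed25519 seed.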

