include Curve448 "option 1" -- "same as Curve25519" (!67) · Merge requests · openpgp-wg / rfc4880bis

Daniel Kahn Gillmor requested to merge curve448-option-1 into main Sep 24, 2021

Assuming that we're OK with merging !64 (merged), this implements "option 1" as defined by the OpenPGP design-team discussions:

# Option 1: Same as Curve25519

(Public parameters; private parameters):

- EdDSA key: OID, MPI(0x40 || public key); MPI(private key seed)
- EdDSA signature: MPI(r), MPI(s)
- ECDH key: OID, MPI(0x40 || public key), KDF; MPI(reverse(private key))
- ECDH message: MPI(public ephemeral key), one-octet length || symmetric key

It still doesn't include clear answers to a few questions from #37 (closed) -- in particular, choice of context and Ed448 variant are not selected.

Edited Sep 24, 2021 by Daniel Kahn Gillmor

include Curve448 "option 1" -- "same as Curve25519"

Merge request reports