diff options
author | Werner Koch <wk@gnupg.org> | 2015-05-21 16:24:36 +0200 |
---|---|---|
committer | Werner Koch <wk@gnupg.org> | 2015-05-21 16:52:17 +0200 |
commit | 2bddd947fd1c11b4ec461576db65a5e34fea1b07 (patch) | |
tree | 55279d01ace3ac8b700f030f380794fa38df5671 /doc/gcrypt.texi | |
parent | 102d68b3bd77813a3ff989526855bb1e283bf9d7 (diff) | |
download | libgcrypt-2bddd947fd1c11b4ec461576db65a5e34fea1b07.tar.gz |
ecc: Add key generation flag "no-keytest".
* src/cipher.h (PUBKEY_FLAG_NO_KEYTEST): New.
* cipher/pubkey-util.c (_gcry_pk_util_parse_flaglist): Add flag
"no-keytest". Return an error for invalid flags of length 10.
* cipher/ecc.c (nist_generate_key): Replace arg random_level by flags
set random level depending on flags.
* cipher/ecc-eddsa.c (_gcry_ecc_eddsa_genkey): Ditto.
* cipher/ecc.c (ecc_generate): Pass flags to generate fucntion and
remove var random_level.
(nist_generate_key): Implement "no-keytest" flag.
* tests/keygen.c (check_ecc_keys): Add tests for transient-key and
no-keytest.
--
After key creation we usually run a test to check whether the keys
really work. However for transient keys this might be too time
consuming and given that a failed test would anyway abort the process
the optional use of a flag to skip the test is appropriate.
Using Ed25519 for EdDSA and the "no-keytest" flags halves the time to
create such a key. This was measured by looping the last test from
check_ecc_keys() 1000 times with and without the flag.
Due to a bug in the flags parser unknown flags with a length of 10
characters were not detected. Thus the "no-keytest" flag can be
employed by all software even for libraries before this. That bug is
however solved with this version.
Signed-off-by: Werner Koch <wk@gnupg.org>
Diffstat (limited to 'doc/gcrypt.texi')
-rw-r--r-- | doc/gcrypt.texi | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/doc/gcrypt.texi b/doc/gcrypt.texi index ab4f685b..f13695a3 100644 --- a/doc/gcrypt.texi +++ b/doc/gcrypt.texi @@ -2327,6 +2327,13 @@ random number generator. This flag may be used for keys which are only used for a short time or per-message and do not require full cryptographic strength. +@item no-keytest +@cindex no-keytest +This flag skips internal failsafe tests to assert that a generated key +is properly working. It currently has an effect only for standard ECC +key generation. It is mostly useful along with transient-key to +achieve fastest ECC key generation. + @item use-x931 @cindex X9.31 Force the use of the ANSI X9.31 key generation algorithm instead of |