author | Werner Koch <wk@gnupg.org> | 2013-10-25 15:44:03 +0200 |
---|---|---|
committer | Werner Koch <wk@gnupg.org> | 2013-10-29 14:38:53 +0100 |
commit | ba892a0a874c8b2a83dbf0940608cd7e2911ce01 (patch) | |
tree | 05d693e86d52f336aa9142c8176fb5a88a3b59cb /doc | |
parent | 1faa61845f180bd47e037e400dde2d864ee83c89 (diff) | |
download | libgcrypt-ba892a0a874c8b2a83dbf0940608cd7e2911ce01.tar.gz |
ecc: Add flags "noparam" and "comp".
* src/cipher.h (PUBKEY_FLAG_NOPARAM, PUBKEY_FLAG_COMP): New.
* cipher/pubkey-util.c (_gcry_pk_util_parse_flaglist): Parse new flags
and change code for possible faster parsing.
* cipher/ecc.c (ecc_generate): Implement the "noparam" flag.
(ecc_sign): Ditto.
(ecc_verify): Ditto.
* tests/keygen.c (check_ecc_keys): Use the "noparam" flag.
* cipher/ecc.c (ecc_generate): Fix parsing of the deprecated
transient-flag parameter.
(ecc_verify): Do not make Q optional in the extract-param call.
--
Note that the "comp" flag has not yet any effect.
Signed-off-by: Werner Koch <wk@gnupg.org>
Diffstat (limited to 'doc')
-rw-r--r-- | doc/gcrypt.texi | 38 |
1 files changed, 36 insertions, 2 deletions
diff --git a/doc/gcrypt.texi b/doc/gcrypt.texi index 6dcb4b13..4a202ddb 100644 --- a/doc/gcrypt.texi +++ b/doc/gcrypt.texi @@ -2230,6 +2230,14 @@ named `flags'. Flag names are case-sensitive. The following flags are known: @table @code + +@item comp +@cindex comp +If supported and not yet the default return ECC points in compact +(compressed) representation. The compact representation requires a +small overhead before a point can be used but halves the size of a to +be conveyed public key. + @item pkcs1 @cindex PKCS1 Use PKCS#1 block type 2 padding for encryption, block type 1 padding @@ -2264,6 +2272,16 @@ order to prevent leaking of secret information. Blinding is only implemented by RSA, but it might be implemented by other algorithms in the future as well, when necessary. +@item noparam +@cindex noparam +For ECC key generation do not return the domain parameters but only +the name of the curve. For ECC signing and verification ignore any +provided domain parameters of the public or private key and use only +the curve name. It is more secure to rely on the curve name and thus +use the curve parameters as known by Libgcrypt. This option shouild +have been the default but for backward compatibility reasons this is +not possible. It is best to always use this flag with ECC keys. + @item transient-key @cindex transient-key This flag is only meaningful for RSA, DSA, and ECC key generation. If @@ -2836,7 +2854,7 @@ is in general not recommended. @example (genkey (ecc - (flags transient-key ecdsa))) + (flags noparam transient-key ecdsa))) @end example @item transient-key @@ -2856,7 +2874,8 @@ private and public keys are returned in one container and may be accompanied by some miscellaneous information. @noindent -As an example, here is what the Elgamal key generation returns: +Here are two examples; the first for Elgamal and the second for +elliptic curve key generation: @example (key-data 
@@ -2875,6 +2894,21 @@ As an example, here is what the Elgamal key generation returns: (pm1-factors @var{n1 n2 ... nn})) @end example +@example +(key-data + (public-key + (ecc + (curve Ed25519) + (flags noparam) + (q @var{q-value}))) + (private-key + (ecc + (curve Ed25519) + (flags noparam) + (q @var{q-value}) + (d @var{d-value})))) +@end example + @noindent As you can see, some of the information is duplicated, but this provides an easy way to extract either the public or the private key. |
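Review bot: the new `@item comp` entry in the first hunk (@@ -2230) reads as if the flag already changes the output, while the commit message says the "comp" flag has not yet any effect. Add a sentence to the entry stating that the flag is currently accepted but ignored, so callers do not assume they are getting compressed points. The phrase "halves the size of a to be conveyed public key" would also read better as "halves the size of a public key that has to be conveyed".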
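Review bot: typo in the new `@item noparam` text (hunk @@ -2264): "This option shouild have been the default" should read "should". The entry also says it is "more secure to rely on the curve name" without giving the reason; one sentence on why domain parameters supplied with a key should not be trusted over the parameters known by Libgcrypt would let readers judge the recommendation "It is best to always use this flag with ECC keys".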
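Review bot: the new ECC `key-data` example (hunk @@ -2875) shows `(flags noparam)` inside both `public-key` and `private-key`, but the surrounding text never says that the flag is stored in the returned key or that `(curve Ed25519)` takes the place of the domain parameters. Add a sentence after the example explaining this. The genkey example changed in hunk @@ -2836 names no curve while this output shows Ed25519, so it is worth stating which request produces this result.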