-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
OpenPGP: Support for Curve25519, Ed25519, X448 and Ed448 #1142
Comments
Although ECDH over Curve25519 and EdDSA over Ed25519 apparently use the wrong OIDs in some cases, working with those keys does not present any obvious problems for now. I'm still pointing it out here, as I cannot follow the code. |
Any news on this? So this is above my head unfortunately :( Let me know if I can help this advance in any way though :) |
I'm reusing this issue tracker to report about some observations I made. I'm currently working on making sure that X448, Ed448 are ready to be used with OpenPGP. The PGPKeyConverter base class does not support X448 in Both the JcaPgpKeyConverter and BcPgpKeyConverter class trip over X448 keys (see also #1584 ). In some places, the current implementation returns an instance of the new dedicated BCPGKey classes intended for X448/X25519/Ed448/Ed25519, even if the algorithm ID is ECDH or EdDSA_LEGACY. In my experimental branch I fixed this, such that the dedicated classes are only used together with the dedicated algorithm IDs. In a test where I convert between JcaPgpKeyPair and BcPgpKeyPair objects I noticed, that the underlying keypair implementation oftentimes changes in a way that makes detecting the actual curve very hard. For example, an X25519 key may have a I will continue to work on my experimental branch and write more tests to ensure correct functionality and then reimplement my patches in a clean, comprehensible way to create a PR. |
I created #1658 to add X448 support to |
I figured out, that the underlying key class changes depending on whether For X25519, X448, Ed25519, Ed448 I got key conversion working, regardless of which provider is used. However, for EC keys over prime256v1, P-256, conversion fails without the BC provider. |
Hey!
As far as I can tell, BC is missing support for some algorithms. Also, there are ambiguities regarding the used curve OIDs. Here are my observations, note that I'm not an expert, so my observations might be wrong:
BCs Curve Constants
I'm comparing the curve OIDs to those from crypto-refresh-05:
CryptlibObjectIdentifiers.curvey25519
EdECObjectIdentifiers.id_X25519
EdECObjectIdentifiers.id_X448
EdECObjectIdentifiers.id_Ed25519
EdECObjectIdentifiers.id_Ed448
GNUObjectIdentifiers.Ed25519
JcaPGPKeyConverter
BcPGPKeyConverter
Footnotes
Comments mention XDH, refer to
EdECObjectIdentifiers.id_X25519
, should useCryptlibObjectIdentifiers.curvey25519
? (src) ↩Refers to
EdECObjectIdentifiers.id_X25519
in method call, should useCryptlibObjectIdentifiers.curvey25519
? (src) ↩Source is not clear, does not compare OIDs (src) ↩ ↩2
Refers to
EdECObjectIdentifiers.id_Ed25519
, should useGNUObjectIdentifiers.Ed25519
? (src) ↩Refers to
EdECObjectIdentifiers.id_Ed25519
, should useCryptlibObjectIdentifiers.curvey25519
? (src) ↩Source is not clear, does not compare OIDs (src) ↩ ↩2
Comments mention X25519, refers to
EdECObjectIdentifiers.id_X25519
, should useCryptlibObjectIdentifiers.curvey25519
? (src) ↩Refers to
EdECObjectIdentifiers.id_X25519
, should useCryptlibObjectIdentifiers.curvey25519
? (src) ↩Comment and code mention "X25519", not clear if it uses Ed25519 ↩
pubkey instanceof X25519PublicKeyParameters
, is this correct forCurve25519
? ↩Refers to
EdECObjectIdentifiers.id_Ed25519
, should useGNUObjectIdentifiers.Ed25519
? (src) ↩If statement is hard to read (src) ↩
The text was updated successfully, but these errors were encountered: