[curves] 25519 implementations in JavaScript

Werner Koch wk at gnupg.org
Wed Jun 4 09:58:12 PDT 2014

On Wed,  4 Jun 2014 07:21, gk at mega.co.nz said:

> Yes, it seems like Werner Koch has mentioned the usage of Ed/Curve25519
> for the first time in October last year on the OpenPGP mailing list.

The plan was to wait for a standardization of the Chicago curves and
then add them to the OpenPGP standard.  My main question is whether we
want to use a compression indicator byte (e.g. 0x40 := "compressed as
defined by the curve") and continue to use the existing ECC framework
for OpenPGP (RFC-6637) or to define a new algorithm identifier and key
packet format for Ed25519 and future EdDSA curves.  And should we keep
on using an OID to identify the curve or save the bytes and deduce the
curve from the size of the key material.

For Ed25519 in GnuPG I am for now using an algorithm identifier from the
experimental range along with uncompressed points according to RFC-6637.
There will be a beta release this month.  For a real release this needs
to be finally fixed, though.



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

More information about the Curves mailing list