Mailing List Archive

Generating ECC shared-secret
Good Thursday,

I'm stuck figuring out how an ECC shared-secret should be generated
with Libgcrypt.

So far as I'm aware, the goal, after generating a public key with a
random number, is to replace the generator point G with the other
party's public key and use the local private key again to generate the
shared secret.

So I get the other party's q-point, then I (by some mechanism) convert
the q-point to an mpi-point? I tried gcry_sexp_build(.. "(genkey (ecc
(curve "NIST P-192") (g %S) (d %M)))",
gcry_sexp_cdr(gcry_sexp_find_token(other_party_keydata, "q", 1)),
u8_ptr_localprivatekey_as_mpi); And a few variations of that, and I
don't get any error, but I get a duplicate public-key returned that
matches verbatim the private-key.

I need to know how the API wants me to generate a shared secret. If
the way I was doing it is the right direction, how do I properly
convert the q-point into a valid g-point?

Regards,

Tyler Jowers

_______________________________________________
Gnupg-devel mailing list
Gnupg-devel@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-devel
Re: Generating ECC shared-secret
12.09.2019 21:18, Tyler Jowers via Gnupg-devel wrote:
> Good Thursday,
>
> I'm stuck figuring out how an ECC shared-secret should be generated
> with Libgcrypt.
>
> So far as I'm aware, the goal, after generating a public key with a
> random number, is to replace the generator point G with the other
> party's public key and use the local private key again to generate the
> shared secret.
>
> So I get the other party's q-point, then I (by some mechanism) convert
> the q-point to an mpi-point? I tried gcry_sexp_build(.. "(genkey (ecc
> (curve "NIST P-192") (g %S) (d %M)))",
> gcry_sexp_cdr(gcry_sexp_find_token(other_party_keydata, "q", 1)),
> u8_ptr_localprivatekey_as_mpi); And a few variations of that, and I
> don't get any error, but I get a duplicate public-key returned that
> matches verbatim the private-key.
>
> I need to know how the API wants me to generate a shared secret. If
> the way I was doing it is the right direction, how do I properly
> convert the q-point into a valid g-point?

Hi!

cipher/ecc.c: ecc_encrypt_raw() does all that for you. The other part is
in GnuPG: g10/pkglue.c: pk_encrypt(). It works as follows: you generate
an ephemeral private key — a scalar — and after ecc_encrypt_raw() you
get a) the shared point; b) the ephemeral public key (that corresponds
to the ephemeral private key you've passed to ecc_encrypt_raw()). The
way you get your shared secret — a scalar, suitable for symmetric
encryption — from the shared point depends on the key agreement algorithm.
One example is ECDH, implemented in g10/ecdh.c. Another one is GOST
VKO, which I'm working on. In general, you should reduce, i.e. hash, the
shared point data in some way.
