When you load an object into an EllipticCurvePublicKey instance, we verify that the point is on the curve. EllipticCurvePrivateKey.exchange(ECDH(), public_key) will also refuse to perform an excahgen where the public and private keys aren't on the same curve.
Alex On Mon, Jul 23, 2018 at 4:53 PM Roland Hedberg <rol...@catalogix.se> wrote: > In > https://blogs.adobe.com/security/2017/03/critical-vulnerability-uncovered-in-json-encryption.html > Antonio Sanso discusses a vulnerability when doing Key Agreement with > Elliptic Curve Diffie-Hellman Ephemeral Static (ECDH-ES). > > Can cryptography help me with this ? > > Basically, can I use cryptography to check whether public key is on the > private key's curve. > > — Roland > > The higher up you go, the more mistakes you are allowed. Right at the top, > if you make enough of them, it's considered to be your style. > -Fred Astaire, dancer, actor, singer, musician, and choreographer (10 May > 1899-1987) > > _______________________________________________ > Cryptography-dev mailing list > Cryptography-dev@python.org > https://mail.python.org/mailman/listinfo/cryptography-dev > -- All that is necessary for evil to succeed is for good people to do nothing.
_______________________________________________ Cryptography-dev mailing list Cryptography-dev@python.org https://mail.python.org/mailman/listinfo/cryptography-dev
