There are many details that are not clear to me. Typical Curve25519 usage deviates from typical NIST curve usage in several ways:
1. montgomery form, not weierstrass (conversion probably possible, never looked into details) 2. custom serialization format for public keys (32 bytes little endian, reduced mod 2^255-19, no DER/BER) 3. x-coordinate only public keys 4. x-coordinate only shared secrets 5. custom serialization format for shared secrets (32 bytes little endian, no DER/BER) 6. shared secret hashed with HSalsa Which of those particularities does this OID include? ---- A related question: Why not drop montgomery form Curve25519 entirely in favor of Edwards form? In my own programs I use Edwards form for all public keys, including those used for key-exchange.
_______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography