howdy,

On Tue, Jan 14, 2014 at 12:16:53PM +0100, Thomas von Dein wrote:
> > - coordinate representation x, x&y, x and sign ...
> > or bits to show which of these ... perhaps borrow ANSI method
>
> Could you please explain this further?

i believe this is not really necessary for this type of curve. especially if
we manage to switch to elligator curves soonish.

> > - hint / indication of cipher suite / curve
>
> In pcp there's already such a hint included in exported keys, however
> I'm not using it, since there's no choice of different curves in
> libsodium so far. But it's on the list.

unfortunately pbp has such a distinguisher, it decides between asym/sym
encryption. i should somehow get rid of that.

> > - text encoding of binary format (ascii)
>
> As already stated in the other subthread, I use Z85, while stef is using
> base85. Since Z85 is a subset of base85, I'm pretty sure we can agree on
> something.

absolutely. i like small keys, that's why we do ecc, not RSA. as it allows to
use crypto e.g. also in tweets, signed tweets leave you with ~55 chars for
messages, or as we recently found out also in the comment field of bank
wiretransfers.

i wasn't really joking doing a numberstation style output format. the
https://en.wikipedia.org/wiki/PGP_word_list might be quite good for easy human
voice transmission, like in key parties. takes a bit of time reciting 32
words, but might be easier than reciting a pgp keyid.

> I'm not sure, how stef solved the ed25519 issue (you can't use a
> curve25519 secret key to create an ed25519 signature directly). After
> some discussion on the libsodium mailinglist we came up with this:
>
> When the user generates a new key, the ed25519 secret key will be
> generated first. The curve25519 secret will be derived from that, since
> the ed25519 already contains a usable curve25519 key. In pcp I store
> both of them for easier access, so the ed25519 and curve25519 secret and
> public keys are stored, the secret keys are encrypted and I store the
> nonce as well (see include/pcp/key.h).

pbp uses separate and unrelated keys for confidentiality and others for
signing.

> Speaking of key encryption: @stef: according to your docs you're already
> using scrypt() for key derivation. I'd like to use that as well, but
> it's not part of libsodium (afaik), so I use my own method for this til
> scrypt() is implemented in libsodium. That's because I want to avoid
> writing crypto code myself.

http://ftp.de.debian.org/debian/pool/main/s/scrypt/scrypt_1.1.6.orig.tar.gz
seems like a good start for reusing code.

-- 
pgp: https://www.ctrlc.hu/~stef/stef.gpg
pgp fp: FD52 DABD 5224 7F9C 63C6 3C12 FC97 D29F CA05 57EF
otr fp: https://www.ctrlc.hu/~stef/otr.txt
