Hi,

I can confirm this is happening. My first gut feeling also was that this should work. The anonymous identity (=private key) is simply "1". The public key for the generator G is 1*G = G and also constant. Given that ECDH simply multiplies the scalar values, there is not really an obvious reason to me why this should not work except for a math thing or implementation quirk in libsodium.

BR
Martin

> On 1. Mar 2021, at 17:57, TheJackiMonster <[email protected]> wrote:
>
> Hi,
>
> I was actually integrating private messages into the messenger API when
> I encountered that decrypting messages failed awfully. I thought
> something in my code was wrong, then I double checked the crypto
> functions:
>
> GNUNET_CRYPTO_ecdh_ecdsa(...) and GNUNET_CRYPTO_ecdsa_ecdh(...)
>
> But their test-case in util checked successfully. So I tested with the
> ECDSA key from GNUNET_CRYPTO_ecdsa_key_get_anonymous() which gets used
> by the anonymous ego in the identity service.
>
> So the result was that GNUNET_CRYPTO_ecdh_ecdsa and
> GNUNET_CRYPTO_ecdsa_ecdh returned different hashes when using the
> anonymous key. These functions are used for encrypting and decrypting
> messages (generating a shared key).
>
> From my point of view it would be fine to just let the
> GNUNET_IDENTITY_encrypt() and GNUNET_IDENTITY_decrypt() functions fail
> when the anonymous key gets used (it doesn't make sense for private
> messages anyway) but I was wondering why verification still seems to
> work with this key.
>
> Also I wanted to ask if this behavior was expected. Maybe this could be
> addressed in some doxygen comments.
>
> Happy hacking
> Jacki
