That’s very cool that (almost) any random number can be used for the private 
key and the public key can be easily derived from the private one!

See?  I am quite clueless about the details of ECC. ;)


On Feb 14, 2018, at 4:05 AM, paddor <> wrote:

Hi John,

One cool thing about Curve25519 is that, given the secret key, the public key 
can be derived from it. And it seems that you actually can use random bytes 
for the secret key (almost). Only a few bits in the first and last byte are 
fixed. Here's an excerpt from [1]:

> Computing secret keys. Inside your program, to generate a 32-byte Curve25519 
> secret key, start by generating 32 secret random bytes from a 
> cryptographically safe source: mysecret[0], mysecret[1], ..., mysecret[31]. 
> Then do
>     mysecret[0] &= 248;
>     mysecret[31] &= 127;
>     mysecret[31] |= 64;
> to create a 32-byte Curve25519 secret key mysecret[0], mysecret[1], ..., 
> mysecret[31].

Of course the conversion tool would have to print the public key so you can 
collect those centrally.

Yes, it might be too much effort if you want to keep using the existing PKI 
as-is. Having used ZMQ for a while now, I'd say it's worth the effort! ;-)
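For anyone who wants to see the excerpt above as code: the following is an added example, not from this thread and not from the ZeroMQ project, that implements the three clamping lines and the X25519 scalar multiplication from RFC 7748 in plain Python, so a public key can be derived from a random 32-byte secret exactly as paddor describes. The function names are mine. It is written for readability, not constant time; a real conversion tool would call libsodium (crypto_scalarmult_base) rather than redo the field arithmetic.

```python
# Added example (not from the thread): pure-Python X25519 per RFC 7748,
# showing the clamping step and public-key derivation from a secret key.
import secrets

P = 2**255 - 19                              # field prime
A24 = 121665                                 # (A - 2) / 4 for Curve25519's A = 486662
BASE_POINT_U = (9).to_bytes(32, "little")    # generator's u-coordinate, u = 9


def clamp(secret: bytes) -> bytes:
    """Apply the three bit fixes from the excerpt; every other bit stays random."""
    if len(secret) != 32:
        raise ValueError("Curve25519 secret keys are exactly 32 bytes")
    k = bytearray(secret)
    k[0] &= 248      # clear the low 3 bits: scalar becomes a multiple of the cofactor 8
    k[31] &= 127     # clear bit 255
    k[31] |= 64      # set bit 254 so every scalar has the same bit length
    return bytes(k)


def _decode_u(u: bytes) -> int:
    b = bytearray(u)
    b[31] &= 127     # the top bit of a u-coordinate is ignored
    return int.from_bytes(b, "little")


def _cswap(swap: int, a: int, b: int):
    return (b, a) if swap else (a, b)


def x25519(secret: bytes, u: bytes) -> bytes:
    """Montgomery-ladder scalar multiplication (RFC 7748, section 5)."""
    k = int.from_bytes(clamp(secret), "little")
    x1 = _decode_u(u)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in range(254, -1, -1):
        kt = (k >> t) & 1
        swap ^= kt
        x2, x3 = _cswap(swap, x2, x3)
        z2, z3 = _cswap(swap, z2, z3)
        swap = kt
        a = (x2 + z2) % P
        aa = a * a % P
        b = (x2 - z2) % P
        bb = b * b % P
        e = (aa - bb) % P
        c = (x3 + z3) % P
        d = (x3 - z3) % P
        da = d * a % P
        cb = c * b % P
        x3 = pow(da + cb, 2, P)
        z3 = x1 * pow(da - cb, 2, P) % P
        x2 = aa * bb % P
        z2 = e * (aa + A24 * e) % P
    x2, x3 = _cswap(swap, x2, x3)
    z2, z3 = _cswap(swap, z2, z3)
    # convert from projective (x2 : z2) to affine u = x2 / z2
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")


def derive_public_key(secret: bytes) -> bytes:
    """Public key = secret scalar times the base point, as in the thread."""
    return x25519(secret, BASE_POINT_U)


def generate_keypair():
    """32 random bytes from the OS CSPRNG, clamped, plus the derived public key."""
    secret = clamp(secrets.token_bytes(32))
    return secret, derive_public_key(secret)


if __name__ == "__main__":
    sk, pk = generate_keypair()
    print("secret:", sk.hex())
    print("public:", pk.hex())
```

Running the file prints a fresh key pair; the public key is what a conversion tool would print so the keys can be collected centrally. The implementation can be checked against the test vectors in RFC 7748 section 6.1 (Alice's secret key 77076d0a... yields public key 8520f009...).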



zeromq-dev mailing list