That’s very cool that (almost) any random number can be used for the private
key and the public key can be easily derived from the private one!
See? I am quite clueless about the details of ECC. ;)
On Feb 14, 2018, at 4:05 AM, paddor <pad...@gmail.com> wrote:
One cool thing about Curve25519 is that, given the secret key, the public key
can be derived from it. And it seems that you can actually use random bytes
for the secret key (almost). Only a few bits in the first and last byte are
fixed. Here an excerpt from :
> Computing secret keys. Inside your program, to generate a 32-byte Curve25519
> secret key, start by generating 32 secret random bytes from a
> cryptographically safe source: mysecret[0], mysecret[1], ..., mysecret[31].
> Then do
>     mysecret[0] &= 248;
>     mysecret[31] &= 127;
>     mysecret[31] |= 64;
> to create a 32-byte Curve25519 secret key mysecret[0], mysecret[1], ...,
Of course the conversion tool would have to print the public key so you can
collect those centrally.
Yes, it might be too much effort if you want to keep using the existing PKI
as-is. Having used ZMQ for a while now, I'd say it's worth the effort! ;-)
zeromq-dev mailing list