AnswerBun.com

Computing PGP ed25519 and curve25519 keygrips?

Cryptography Asked by skaht on December 21, 2021

There are public key algorithmic differences for how PGP computes fingerprints and keygrips. For the v4 protocol, fingerprints are not exclusively computed from public keys while keygrips are. RFC 4880 makes no mention about keygrips.

After digging into code at 10 different places in the the libgcrypt from https://github.com/gpg/libgcrypt/blob/master/tests/keygrip.c, it is still a mystery as to how PGP keygrips are computed for ed25519 and curve25519.

Fortunately, the keygrip.c provides the two normative example test vectors:

 1. ed25519: 
    publicKey = 773E72848C1FD5F9652B29E2E7AF79571A04990E96F2016BF4E0EC1890C2B7DB,
    keygrip   = 9DB6C64A38830F4960701789475520BE8C821F47

 2. cv25519: 
    publicKey = 918C1733127F6BF2646FAE3D081A18AE77111C903B906310B077505EFFF12740,
    keygrip   = 0F89A565D3EA187CEA39332398F5D480677DF49C

Can someone provide the operations on the public keys prior to the sha1 hash that creates that creates the keygrip output? (Thanks in advance.)

2 Answers

Needed to stay out of libgcrypt repository and instead remain focused within the higher level gnupg repository, specifically gnupg/g10/keyid.c. The keygrip_from_pk() function is what makes the public key algo specific calls to build the S expressions that feeds the lower level gcry_pk_get_keygrip() function used to calculate the binary keygrip array that is turned into a hex keygrip by the calling function hexkeygrip_from_pk().

An analysis of the code just described above plus code at keygrip_ed25519(vk) and keygrip_curve25519(vk) should facilitate a programming language means for constructing ed25519 and cv25519 keygrips.

Answered by skaht on December 21, 2021

Keygrips are not part of PGP at all, they're just an implementation detail of GnuPG's key storage architecture specifically (which uses a common key store for PGP, S/MIME, and SSH).

As you saw, GnuPG uses libgcrypt for cryptographic operations, and the keygrip calculation can be found in cipher/pubkey.c where it's just a SHA-1 hash of the public key's parameters.

Answered by user1686 on December 21, 2021

Add your own answers!

Related Questions

Is it possible to get the PGP public key from PGP message?

1  Asked on October 24, 2021 by zenxiu

 

OpenSSL FIPS integrity check

1  Asked on October 24, 2021 by guille

       

Non-interactive proof of friendship

0  Asked on October 24, 2021 by bastet-santiago

 

Signing a GPG Public Key

1  Asked on October 24, 2021 by d-o

       

LWE versus neural nets

2  Asked on October 24, 2021 by steven-yue

   

TLS 1.2 is still secure or should we move to TLS 1.3?

1  Asked on October 24, 2021 by r1w

 

File encryption using per-user-encrypted shared key

0  Asked on October 24, 2021 by scott-brickey

   

Encrypting/Decrypting using RSA and AES; standards?

0  Asked on October 24, 2021 by alfe

     

Ask a Question

Get help from others!

© 2022 AnswerBun.com. All rights reserved. Sites we Love: PCI Database, MenuIva, UKBizDB, Menu Kuliner, Sharing RPP, SolveDir