Computing PGP ed25519 and curve25519 keygrips?

Cryptography Asked by skaht on December 21, 2021

There are public key algorithmic differences for how PGP computes fingerprints and keygrips. For the v4 protocol, fingerprints are not exclusively computed from public keys while keygrips are. RFC 4880 makes no mention about keygrips.

After digging into code at 10 different places in the the libgcrypt from, it is still a mystery as to how PGP keygrips are computed for ed25519 and curve25519.

Fortunately, the keygrip.c provides the two normative example test vectors:

 1. ed25519: 
    publicKey = 773E72848C1FD5F9652B29E2E7AF79571A04990E96F2016BF4E0EC1890C2B7DB,
    keygrip   = 9DB6C64A38830F4960701789475520BE8C821F47

 2. cv25519: 
    publicKey = 918C1733127F6BF2646FAE3D081A18AE77111C903B906310B077505EFFF12740,
    keygrip   = 0F89A565D3EA187CEA39332398F5D480677DF49C

Can someone provide the operations on the public keys prior to the sha1 hash that creates that creates the keygrip output? (Thanks in advance.)

2 Answers

Needed to stay out of libgcrypt repository and instead remain focused within the higher level gnupg repository, specifically gnupg/g10/keyid.c. The keygrip_from_pk() function is what makes the public key algo specific calls to build the S expressions that feeds the lower level gcry_pk_get_keygrip() function used to calculate the binary keygrip array that is turned into a hex keygrip by the calling function hexkeygrip_from_pk().

An analysis of the code just described above plus code at keygrip_ed25519(vk) and keygrip_curve25519(vk) should facilitate a programming language means for constructing ed25519 and cv25519 keygrips.

Answered by skaht on December 21, 2021

Keygrips are not part of PGP at all, they're just an implementation detail of GnuPG's key storage architecture specifically (which uses a common key store for PGP, S/MIME, and SSH).

As you saw, GnuPG uses libgcrypt for cryptographic operations, and the keygrip calculation can be found in cipher/pubkey.c where it's just a SHA-1 hash of the public key's parameters.

Answered by user1686 on December 21, 2021

Add your own answers!

Related Questions

Is it possible to get the PGP public key from PGP message?

1  Asked on October 24, 2021 by zenxiu


OpenSSL FIPS integrity check

1  Asked on October 24, 2021 by guille


Non-interactive proof of friendship

0  Asked on October 24, 2021 by bastet-santiago


Signing a GPG Public Key

1  Asked on October 24, 2021 by d-o


LWE versus neural nets

2  Asked on October 24, 2021 by steven-yue


TLS 1.2 is still secure or should we move to TLS 1.3?

1  Asked on October 24, 2021 by r1w


File encryption using per-user-encrypted shared key

0  Asked on October 24, 2021 by scott-brickey


Encrypting/Decrypting using RSA and AES; standards?

0  Asked on October 24, 2021 by alfe


Ask a Question

Get help from others!

© 2022 All rights reserved. Sites we Love: PCI Database, MenuIva, UKBizDB, Menu Kuliner, Sharing RPP, SolveDir