[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [pkcs11] CKM_EC_EDWARDS_KEY_PAIR_GEN
Hi Dieter, Jonathan, Thanks for the info here, nCipher (Entrust) has now raised a defect on the PARAM’s name to allow the use of the correct name and OID. The reference to many specs also the different type of PARAM’s
can make this confusing. But we are correcting this now. On reading the v3 spec again I notice in section. PKCS #11 Cryptographic Token Interface Current Mechanisms Specification Version 3.0 (oasis-open.org) Section 2.3.8 Montgomery Elliptic curve private key objects -
The second paragraph also starts talking about Edwards curves again so can add to the confusion referring to the second spec for Montgomery Section 6.3.8 in pkcs11-spec-v3.1-wd02 draft spec is still incorrect and should refer to Montgomery again second paragraph.
Best Regards Hamish From: pkcs11@lists.oasis-open.org <pkcs11@lists.oasis-open.org>
On Behalf Of Jonathan Schulze-Hewett Dieter, Thanks for the reply. I agree with your opinion, but that’s exactly the issue I’m trying to raise. It’s an opinion and it doesn’t carry the weight of the spec. In this case I’d argue that the spec should just list the
values to be used rather than point folks to things that are open for interpretation. Sincerely, Jonathan From: Dieter Bong <Dieter.Bong@utimaco.com>
Hi Jonathan, The RFCs are quite clear in my opinion:
curve25519 is thus a Montgomery curve, and must be used with CKM_EC_MONTGOMERY_KEY_PAIR_GEN, and edwards25519 is an Edwards curve to be used with CKM_EC_EDWARDS_KEY_PAIR_GEN. That said, SoftHSM is right and nCipher is
wrong in my opinion. Best regards, Dieter From:
pkcs11@lists.oasis-open.org <pkcs11@lists.oasis-open.org>
On Behalf Of Jonathan Schulze-Hewett All, For CKM_EC_EDWARDS_KEY_PAIR_GEN, what are the curveNames? SoftHSM2 wants edwards25519. nCipher wants curve25519. The spec simply refers me to the RFCs. The OIDs are pretty clear, but the curveName option appears to be
open to interpretation. Considering it’s two values, perhaps the spec could just list what they are or otherwise provide some specificity? Sincerely, Jonathan Jonathan Schulze-Hewett Director of Development 708-445-1704 (o) | 708-822-2926 (m) schulze-hewett@infoseccorp.com
|
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]