[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: GNUNET_CRYPTO_ecdh_ecdsa fails with anonymous key
From: |
Schanzenbach, Martin |
Subject: |
Re: GNUNET_CRYPTO_ecdh_ecdsa fails with anonymous key |
Date: |
Tue, 2 Mar 2021 20:17:51 +0100 |
Hi,
I can confirm this is happening.
My first gut feeling also was that this should work.
The anonymous identity (=private key) is simply "1".
The public key for the generator G is 1*G = G and also constant.
Given that ECDH simply multiplies the scalar values, there is not really
an obvious reason to me why this should not work except for a math thing or
implementation quirk in libsodium.
BR
Martin
> On 1. Mar 2021, at 17:57, TheJackiMonster <thejackimonster@gmail.com> wrote:
>
> Hi,
>
> I was actually integrating private messages into the messenger API when
> I encountered that decrypting messages failed awfully. I thought
> something in my code was wrong, then I double checked the crypto
> functions:
>
> GNUNET_CRYPTO_ecdh_ecdsa(...) and GNUNET_CRYPTO_ecdsa_ecdh(...)
>
> But their test-case in util checked successfully. So I tested with the
> ECDSA key from GNUNET_CRYPTO_ecdsa_key_get_anonymous() which gets used
> by the anonymous ego in the identity service.
>
> So the result was, that GNUNET_CRYPTO_ecdh_ecdsa and
> GNUNET_CRYPTO_ecdsa_ecdh returned different hashes when using the
> anonymous key. These functions are using for encrypting and decrypting
> messages (generating a shared key).
>
> From my point of view it would be fine to just letting the
> GNUNET_IDENTITY_encrypt() and GNUNET_IDENTITY_decrypt() functions fail
> when the anonymous key gets used (it doesn't make sense for private
> messages anyway) but I was wondering why verification still seems to
> work with this key.
>
> Also I wanted to ask if this behavior was expected. Maybe this could be
> addressed in some doxygen comments.
>
> Happy hacking
> Jacki
signature.asc
Description: Message signed with OpenPGP