Home GnuPG

Weekly Standup
ActivePublic

Hosted by werner on Mon, Sep 6, 10:00 AM - 10:30 AM.

Recurring Event

Event Series
This event is an instance of E878: Weekly Standup, and repeats every week.

Event Timeline

Let's meet today at https://meeting.iacd.net use g10code as user

Topics:

  • For OpenPGP format of Curve448, it is ok for me to change the format, but I found more serious issue about use of AESWRAP.
  • Considering about new public key API for libgcrypt, I thought that calling encrypt/decrypt would be confusing for ECDH. (because it's actually doing ECDH computation, which is used for KDF in later stage, and then it's AESWRAP which does encryption/decryption with session key in an application)
  • Then, I found that: for use of AESWRAP for ECC with larger keysize (like Curve 448), while it is expected to use larger block size (for Curve 448, use of 256-bit) naturally, but current experimental implementation in gnupg2.3 does AESWRAP with 128-bit block size.
  • That's because of the situation, AESWRAP in libgcrypt is only for 128-bit block size currently.

Last week:

This week:

I was a bit confused about AESWRAP. Please forget I wrote above. (We already have support of larger keysize ECC, NIST P-521, for example.)

Let me rephrase my concern, it is KEK parameters we use for Curve448. Currently, in GnuPG 2.3, we use SHA512 and AES256 for Curve448. Is it OK? Or, perhaps, some people expect use of SHAKE256, here.