Given that the patents on point compression expired a few years ago, Libgcrypt should support standard point compression. In particular gcry_mpi_ec_get_mpi should support it, so that we can put a compressed point into the subjectKeyIdentifier as generated by gpgsm.
What kind of API should we offer?
(1) offering something like q@comp name for gcry_mpi_ec_get_mpi
If the intended use case will be in create_request function in gpg/sm/certreqgen.c, the 'q' is already generated in the form of SEXP.
It is up to an application (gpgsm), to convert non-compressed point representation to compressed point representation, here.
(2) keygen supporting (flag comp) for classic curves to ask compressed point representation for q, and support of compressed point representation for other places.
I'm afraid this will introduce requirement of libgcrypt 1.9 for gpg.
- compressed representation of EC point can be used in:
- public key
- (exporting) private key
- ECDH ephemeral key
- Accepting compressed representation,for the initial implementation, I'd like to limit our effort for curves of NIST and Brainpool, except NIST P-224, which p = 3 mod 4.