suzanne.soy/fork-openpgpjs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Mask curve25519 keys during generation (before serializing them)

Browse Source 
This was broken in #922 (merged as part of #956).

This would cause GPG to be unable to parse unencrypted secret keys,
thinking they were encrypted.

rfc4880bis-08 hints at this requirement, saying:

o  MPI of an integer representing the secret key, which is a scalar
   of the public EC point.

Since scalar multiplication happens after masking the private key,
this implies that we should serialize the private key after masking,
as well.
This commit is contained in:
Daniel Huigens 2019-11-07 20:58:32 +01:00
parent 563b397391
commit fd9371a2a4
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/crypto/public_key/elliptic/curves.js
View File

@ -191,6 +191,8 @@ Curve.prototype.genKeyPair = async function () {
return nodeGenKeyPair(this.name);
case 'curve25519': {
const privateKey = await random.getRandomBytes(32);
privateKey[0] = (privateKey[0] & 127) | 64;
privateKey[31] &= 248;
const secretKey = privateKey.slice().reverse();
keyPair = nacl.box.keyPair.fromSecretKey(secretKey);
const publicKey = util.concatUint8Array([new Uint8Array([0x40]), keyPair.publicKey]);