

6.2.3 ECC key parameters

An ECC private key is described by this S-expression:

(private-key
  (ecc
    (p p-mpi)
    (a a-mpi)
    (b b-mpi)
    (g g-point)
    (n n-mpi)
    (q q-point)
    (d d-mpi)))
p-mpi

Prime specifying the field GF(p).

a-mpi
b-mpi

The two coefficients of the Weierstrass equation y^2 = x^3 + ax + b.

g-point

Base point g.

n-mpi

Order of g.

q-point

The point representing the public key Q = dG.

d-mpi

The private key d.

All point values are encoded in standard format; Libgcrypt in general supports only uncompressed points, so the first byte must be 0x04. However, “EdDSA” describes its own compression scheme, which is used by default; the non-standard first byte 0x40 may optionally be used to explicitly flag the use of the algorithm’s native compression method.
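The prefix rules above can be checked before a q-point or g-point is placed into an S-expression. The following is an added example, not Libgcrypt code: classify_point, point_kind and coord_len are hypothetical names, and the length checks are an assumption based on the usual encodings (1 + 2 coordinates for an uncompressed point, one coordinate for an EdDSA-compressed point).

```c
#include <stddef.h>
#include <stdio.h>

enum point_kind {
    POINT_INVALID = 0,
    POINT_UNCOMPRESSED,   /* 0x04 || X || Y */
    POINT_EDDSA_PREFIXED, /* 0x40 || EdDSA-compressed point */
    POINT_EDDSA_NATIVE    /* EdDSA-compressed point, no prefix byte */
};

/* Hypothetical pre-check (not a Libgcrypt function): classify a point
 * encoding by first byte and length.  coord_len is the size of one
 * coordinate in bytes (32 for NIST P-256 and Ed25519); the length rules
 * are an assumption taken from the usual encodings. */
enum point_kind classify_point(const unsigned char *buf, size_t len,
                               size_t coord_len, int is_eddsa)
{
    if (buf == NULL || len == 0 || coord_len == 0)
        return POINT_INVALID;
    /* Standard format: uncompressed, first byte 0x04. */
    if (buf[0] == 0x04 && len == 1 + 2 * coord_len)
        return POINT_UNCOMPRESSED;
    /* Non-EdDSA curves: everything else (e.g. 0x02/0x03) is rejected. */
    if (!is_eddsa)
        return POINT_INVALID;
    /* Optional 0x40 flag for the algorithm's native compression. */
    if (buf[0] == 0x40 && len == 1 + coord_len)
        return POINT_EDDSA_PREFIXED;
    /* Default EdDSA form: bare point; length decides, not the first byte. */
    if (len == coord_len)
        return POINT_EDDSA_NATIVE;
    return POINT_INVALID;
}

/* Constructed samples: zero-filled, only prefix byte and length matter. */
static const unsigned char p256_uncompressed[65] = { 0x04 };
static const unsigned char p256_compressed[33]   = { 0x02 };
static const unsigned char ed25519_prefixed[33]  = { 0x40 };
static const unsigned char ed25519_native[32]    = { 0x40 };

int main(void)
{
    printf("%d %d %d %d\n",
           (int)classify_point(p256_uncompressed, 65, 32, 0),
           (int)classify_point(p256_compressed, 33, 32, 0),
           (int)classify_point(ed25519_prefixed, 33, 32, 1),
           (int)classify_point(ed25519_native, 32, 32, 1));
    return 0;
}
```

The last sample is a bare 32-byte EdDSA point whose first byte happens to be 0x40; because the prefixed form is one byte longer, it is still classified as the native form rather than as a flagged one.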

The public key is similar, with "private-key" replaced by "public-key" and no d-mpi.

If the domain parameters are well-known, the name of this curve may be used. For example:

(private-key
  (ecc
    (curve "NIST P-192")
    (q q-point)
    (d d-mpi)))

Note that q-point is optional for a private key. The curve parameter may be given in any case and is used to replace missing parameters.

Currently implemented curves are:

Curve25519
X25519
1.3.6.1.4.1.3029.1.5.1
1.3.101.110

The RFC-8410 255 bit curve, its RFC name, OpenPGP and RFC OIDs.

X448
1.3.101.111

The RFC-8410 448 bit curve and its RFC OID.

Ed25519
1.3.6.1.4.1.11591.15.1
1.3.101.112

The signing variant of the RFC-8410 255 bit curve, its OpenPGP and RFC OIDs.

Ed448
1.3.101.113

The signing variant of the RFC-8410 448 bit curve and its RFC OID.

NIST P-192
1.2.840.10045.3.1.1
nistp192
prime192v1
secp192r1

The NIST 192 bit curve, its OID and aliases.

NIST P-224
1.3.132.0.33
nistp224
secp224r1

The NIST 224 bit curve, its OID and aliases.

NIST P-256
1.2.840.10045.3.1.7
nistp256
prime256v1
secp256r1

The NIST 256 bit curve, its OID and aliases.

NIST P-384
1.3.132.0.34
nistp384
secp384r1

The NIST 384 bit curve, its OID and aliases.

NIST P-521
1.3.132.0.35
nistp521
secp521r1

The NIST 521 bit curve, its OID and aliases.

brainpoolP160r1
1.3.36.3.3.2.8.1.1.1

The Brainpool 160 bit curve and its OID.

brainpoolP192r1
1.3.36.3.3.2.8.1.1.3

The Brainpool 192 bit curve and its OID.

brainpoolP224r1
1.3.36.3.3.2.8.1.1.5

The Brainpool 224 bit curve and its OID.

brainpoolP256r1
1.3.36.3.3.2.8.1.1.7

The Brainpool 256 bit curve and its OID.

brainpoolP320r1
1.3.36.3.3.2.8.1.1.9

The Brainpool 320 bit curve and its OID.

brainpoolP384r1
1.3.36.3.3.2.8.1.1.11

The Brainpool 384 bit curve and its OID.

brainpoolP512r1
1.3.36.3.3.2.8.1.1.13

The Brainpool 512 bit curve and its OID.

GOST2001-test
1.2.643.2.2.35.0
GOST2001-CryptoPro-A
1.2.643.2.2.35.1
GOST2001-CryptoPro-B
1.2.643.2.2.35.2
GOST2001-CryptoPro-C
1.2.643.2.2.35.3
GOST2001-CryptoPro-A
GOST2001-CryptoPro-XchA
GOST2001-CryptoPro-C
GOST2001-CryptoPro-XchB
GOST2001-CryptoPro-A
1.2.643.2.2.36.0
GOST2001-CryptoPro-C
1.2.643.2.2.36.1
GOST2012-256-tc26-A
1.2.643.7.1.2.1.1.1
GOST2001-CryptoPro-A
1.2.643.7.1.2.1.1.2
GOST2001-CryptoPro-A
GOST2012-256-tc26-B
GOST2001-CryptoPro-B
1.2.643.7.1.2.1.1.3
GOST2001-CryptoPro-B
GOST2012-256-tc26-C
GOST2001-CryptoPro-C
1.2.643.7.1.2.1.1.4
GOST2001-CryptoPro-C
GOST2012-256-tc26-D
GOST2012-512-test
GOST2012-test
GOST2012-512-test
1.2.643.7.1.2.1.2.0
GOST2012-512-tc26-A
GOST2012-tc26-A
GOST2012-512-tc26-B
GOST2012-tc26-B
GOST2012-512-tc26-A
1.2.643.7.1.2.1.2.1
GOST2012-512-tc26-B
1.2.643.7.1.2.1.2.2
GOST2012-512-tc26-C
1.2.643.7.1.2.1.2.3
secp256k1
1.3.132.0.10
sm2p256v1
1.2.156.10197.1.301

As usual, the OIDs may optionally be prefixed with the string "OID." or "oid.".

