Why were edwards curves given distinct key types, aren't they EC keys?

Sam Roberts vieuxtech at gmail.com
Sat Mar 16 19:49:07 UTC 2019


That helps a lot, thanks.

On Sat, Mar 16, 2019 at 8:05 AM Nicola <nic.tuv at gmail.com> wrote:
>
> Well, they just don't have their individual type either: they are just
> `EVP_PKEY`s, with `EVP_PKEY` being the top level API in libcrypto for
> public key cryptography.
> The difference with `RSA_KEY`, `DSA_KEY`, `EC_KEY` (that can be
> encapsulated in a generic `EVP_PKEY` object) is that Ed* keys don't
> share a common module (apart from reusing common functions for parts
> of the ASN1 encoding/decoding).
> RSA, DSA and EC in libcrypto are submodules on their own, with a
> dedicated `{RSA,DSA,EC}_*` API, in part for legacy reasons. By the
> time X25519, Ed25519 and *448 were added, the new direction in the
> project was to minimise the size of the public API and recommend the
> use of the unified EVP API, so it did not make any sense to have a
> separate submodule with its own data types and API.
>
> This is of course to the best of my knowledge and mostly based on
> guesses, as I was not actively contributing to the project while some
> of these decisions were made, and I don't have the same insight on the
> history of the design of the library as other project members.
>
> BR,
>
> Nicola
>
> On Sat, Mar 16, 2019, 17:00 Sam Roberts <vieuxtech at gmail.com> wrote:
>>
>> That helps a lot, I can see why they are different enough from EC key
>> types to be distinct.
>>
>> It still leaves me wondering whe two edwards curves have key types
>> distinct from each other? Why aren't they both EVP_PKEY_ED? (or
>> something of the like)
>>
>> Cheers,
>> Sam


More information about the openssl-users mailing list