Why were edwards curves given distinct key types, aren't they EC keys?

Nicola nic.tuv at gmail.com
Sat Mar 16 15:05:05 UTC 2019

Well, they just don't have their individual type either: they are just
`EVP_PKEY`s, with `EVP_PKEY` being the top level API in libcrypto for
public key cryptography.
The difference with `RSA_KEY`, `DSA_KEY`, `EC_KEY` (that can be
encapsulated in a generic `EVP_PKEY` object) is that Ed* keys don't
share a common module (apart from reusing common functions for parts
of the ASN1 encoding/decoding).
RSA, DSA and EC in libcrypto are submodules on their own, with a
dedicated `{RSA,DSA,EC}_*` API, in part for legacy reasons. By the
time X25519, Ed25519 and *448 were added, the new direction in the
project was to minimise the size of the public API and recommend the
use of the unified EVP API, so it did not make any sense to have a
separate submodule with its own data types and API.

This is of course to the best of my knowledge and mostly based on
guesses, as I was not actively contributing to the project while some
of these decisions were made, and I don't have the same insight on the
history of the design of the library as other project members.



On Sat, Mar 16, 2019, 17:00 Sam Roberts <vieuxtech at gmail.com> wrote:

> That helps a lot, I can see why they are different enough from EC key
> types to be distinct.
> It still leaves me wondering whe two edwards curves have key types
> distinct from each other? Why aren't they both EVP_PKEY_ED? (or
> something of the like)
> Cheers,
> Sam
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20190316/a812bace/attachment.html>

More information about the openssl-users mailing list